191 matches found
CVE-2012-6153
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...
Design/Logic Flaw
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...
CVE-2012-6153
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...
CVE-2012-6153
Apache Commons HttpClient before 4.2.3 fails to verify that the server hostname matches the domain name in the certificate’s CN/subjectAltName (AbstractVerifier.java), enabling MITM SSL spoofing. This is a follow-on to an incomplete fix for CVE-2012-5783; the issue has affected various Java deplo...
CVE-2012-6153
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...
CVE-2012-6153
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...
Fedora Update for jakarta-commons-httpclient FEDORA-2014-9581
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : jakarta-commons-httpclient-3.1-15.fc20 (2014-9581)
Security fix for CVE-2014-3577, CVE-2012-6153 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Update for jakarta-commons-httpclient FEDORA-2014-9539
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2014-0348 Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities: The Jakarta Commons HttpClient component may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side...
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS whe...
MGASA-2014-0347 Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS whe...
openSUSE Security Update : jakarta-commons-httpclient (openSUSE-SU-2013:0622-1)
jakarta-commons-httpclient was updated to enhance the fix of bnc803332 / CVE-2012-5783 - also check for subjectAltNames in the certificate. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name
It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
Amazon Linux AMI : jakarta-commons-httpclient (ALAS-2013-169)
The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for...
jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name
It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
Oracle Linux 5 / 6 : jakarta-commons-httpclient (ELSA-2013-0270)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0270 advisory. 1:3.1-0.7 - Add missing connection hostname check against X.509 certificate name - Resolves: CVE-2012-5783 Tenable has extracted the preceding description...
MGASA-2013-0199 Updated jakarta-commons-httpclient package fixes security vulnerability
The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for...
Updated jakarta-commons-httpclient package fixes security vulnerability
The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for...
Important: Red Hat Security Advisory: Red Hat JBoss BRMS 5.3.1 update
Red Hat JBoss BRMS 5.3.1 roll up patch 2, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores,...