CVE-2012-5783
Apache Commons HttpClient 3.x (as used in Amazon FPS Java SDK and related products) is affected by CVE-2012-5783: the code does not verify that the server hostname matches the CN/subjectAltName in the X.509 certificate, enabling potential MITM spoofing with arbitrary certificates. AIX advisories,...