Lucene search
Ubuntu.comUB:CVE-2012-5783HistoryNov 04, 2012 - 12:00 a.m.
CVE-2012-5783
2012-11-0400:00:00
ubuntu.com
ubuntu.com
14
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
61.5%
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service
(FPS) merchant Java SDK and other products, does not verify that the server
hostname matches a domain name in the subject’s Common Name (CN) or
subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof SSL servers via an arbitrary valid
certificate.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692442>
- <https://issues.apache.org/jira/browse/HTTPCLIENT-1265>
- <https://issues.apache.org/jira/browse/httpclient-613>
Notes
| Author | Note |
|---|---|
| seth-arnold | Apache Commons HttpClient has been replaced by HttpComponents |
| mdeslaur | debian released 3.1-10.1 with a possible regression fix was incomplete, see CVE-2012-6153 and CVE-2014-3577 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 12.04 | noarch | commons-httpclient | < 3.1-10ubuntu0.1 | UNKNOWN |
Related
f5
f5
SOL15364328 - Apache vulnerabilities CVE-2012-5783, CVE-2012-6153, and CVE-2014-3577
2016-02-02 00:00:00
K15741 : Apache Commons HttpClient vulnerability CVE-2012-6153
2014-10-27 00:00:00
K15364328 : Apache vulnerabilities CVE-2012-5783 and CVE-2012-6153
2016-02-02 00:00:00
nessus
nessus
RHEL 4 / 5 / 6 : JBoss EAP (RHSA-2014:1321)
2014-10-01 00:00:00
Debian DLA-222-1 : commons-httpclient security update
2015-05-20 00:00:00
RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2014:1162)
2014-09-08 00:00:00
redhat
redhat
amazon
amazon
Important: jakarta-commons-httpclient
2014-09-17 21:47:00
Medium: jakarta-commons-httpclient
2013-03-14 22:04:00
debian
debian
[SECURITY] [DLA 222-1] commons-httpclient security update
2015-05-19 15:18:39
osv
osv
commons-httpclient - security update
2015-05-19 00:00:00
Improper certificate validation in org.apache.httpcomponents:httpclient
2018-10-17 00:05:15
Improper Certificate Validation in apache HttpClient
2022-05-13 01:10:34
openvas
openvas
Fedora Update for jakarta-commons-httpclient FEDORA-2014-9539
2014-08-27 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-410)
2015-09-08 00:00:00
Fedora Update for jakarta-commons-httpclient FEDORA-2014-9581
2014-08-27 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: jakarta-commons-httpclient-3.1-15.fc19
2014-08-27 01:28:57
[SECURITY] Fedora 20 Update: jakarta-commons-httpclient-3.1-15.fc20
2014-08-27 01:31:46
[SECURITY] Fedora 20 Update: httpcomponents-client-4.2.5-4.fc20
2014-08-30 03:58:27
ibm
ibm
securityvulns
securityvulns
[USN-2769-1] Apache Commons HttpClient
2015-10-25 00:00:00
CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack
2014-08-18 00:00:00
[ MDVSA-2014:170 ] jakarta-commons-httpclient
2014-10-15 00:00:00
ubuntu
ubuntu
Apache Commons HttpClient vulnerabilities
2015-10-14 00:00:00
github
github
Improper certificate validation in org.apache.httpcomponents:httpclient
2018-10-17 00:05:15
Improper Certificate Validation in apache HttpClient
2022-05-13 01:10:34
ubuntucve
ubuntucve
CVE-2012-6153
2014-09-04 00:00:00
CVE-2014-3577
2014-08-21 00:00:00
debiancve
debiancve
CVE-2012-6153
2014-09-04 17:55:00
CVE-2012-5783
2012-11-04 22:55:00
freebsd
freebsd
Axis2 -- Security vulnerabilities on dependency Apache HttpClient
2012-12-06 00:00:00
mageia
mageia
Updated Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities
2014-08-25 12:44:11
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability
2014-08-25 12:44:11
Updated jakarta-commons-httpclient package fixes security vulnerability
2013-07-06 18:11:31
atlassian
atlassian
veracode
veracode
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 08:59:46
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 08:56:38
prion
prion
Design/Logic Flaw
2014-09-04 17:55:00
Code injection
2012-11-04 22:55:00
cve
cve
photon
photon
Moderate Photon OS Security Update - PHSA-2020-0141
2020-09-17 00:00:00
oraclelinux
oraclelinux
jakarta-commons-httpclient security update
2013-02-19 00:00:00
jakarta-commons-httpclient security update
2014-09-08 00:00:00
aix
aix
AIX is vulnerable to an SSL server spoof due to Apache Commons HttpClient
2023-04-13 13:44:57
centos
centos
jakarta security update
2013-02-20 02:59:36
jakarta security update
2014-09-08 16:54:16
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
61.5%
Related for UB:CVE-2012-5783