Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2013-0270

Опубликовано: 19 фев. 2013
Источник: oracle-oval
Платформа: Oracle Linux 5
Платформа: Oracle Linux 6

Описание

ELSA-2013-0270: jakarta-commons-httpclient security update (MODERATE)

[1:3.1-0.7]

  • Add missing connection hostname check against X.509 certificate name
  • Resolves: CVE-2012-5783

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

jakarta-commons-httpclient

3.0-7jpp.2

jakarta-commons-httpclient-demo

3.0-7jpp.2

jakarta-commons-httpclient-javadoc

3.0-7jpp.2

jakarta-commons-httpclient-manual

3.0-7jpp.2

Oracle Linux x86_64

jakarta-commons-httpclient

3.0-7jpp.2

jakarta-commons-httpclient-demo

3.0-7jpp.2

jakarta-commons-httpclient-javadoc

3.0-7jpp.2

jakarta-commons-httpclient-manual

3.0-7jpp.2

Oracle Linux i386

jakarta-commons-httpclient

3.0-7jpp.2

jakarta-commons-httpclient-demo

3.0-7jpp.2

jakarta-commons-httpclient-javadoc

3.0-7jpp.2

jakarta-commons-httpclient-manual

3.0-7jpp.2

Oracle Linux 6

Oracle Linux x86_64

jakarta-commons-httpclient

3.1-0.7.el6_3

jakarta-commons-httpclient-demo

3.1-0.7.el6_3

jakarta-commons-httpclient-javadoc

3.1-0.7.el6_3

jakarta-commons-httpclient-manual

3.1-0.7.el6_3

Oracle Linux i686

jakarta-commons-httpclient

3.1-0.7.el6_3

jakarta-commons-httpclient-demo

3.1-0.7.el6_3

jakarta-commons-httpclient-javadoc

3.1-0.7.el6_3

jakarta-commons-httpclient-manual

3.1-0.7.el6_3

Связанные CVE

CVE-2012-5783

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2012-5783

ubuntu
почти 13 лет назад

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

redhat логотип

CVE-2012-5783

CVSS3: 3.7
redhat
почти 13 лет назад

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

nvd логотип

CVE-2012-5783

nvd
почти 13 лет назад

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

debian логотип

CVE-2012-5783

debian
почти 13 лет назад

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Ser ...

github логотип

GHSA-3832-9276-x7gf

github
больше 3 лет назад

Improper Certificate Validation in Apache Commons HttpClient