Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-5783

Опубликовано: 16 окт. 2012
Источник: redhat
CVSS3: 3.7
CVSS2: 4.3

Описание

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat JBoss Enterprise Web Server 1jakarta-commons-httpclientWill not fix
Red Hat JBoss Fuse 6apache-commons-httpclientAffected
Red Hat JBoss Operations Network 3.1jakarta-commons-httpclientAffected
Red Hat JBoss Portal 4jakarta-commons-httpclientWill not fix
Red Hat JBoss Portal 5jakarta-commons-httpclientWill not fix
Red Hat JBoss SOA Platform 4.2jakarta-commons-httpclientWill not fix
Red Hat JBoss SOA Platform 4.3jakarta-commons-httpclientWill not fix
Red Hat Satellite 5.0jakarta-commons-httpclientWill not fix
Red Hat Satellite 5.1jakarta-commons-httpclientWill not fix
Red Hat Satellite 5.2jakarta-commons-httpclientWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=873317jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

3.7 Low

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-5783

ubuntu
больше 13 лет назад

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

nvd логотип

CVE-2012-5783

nvd
больше 13 лет назад

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

debian логотип

CVE-2012-5783

debian
больше 13 лет назад

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Ser ...

github логотип

GHSA-3832-9276-x7gf

github
больше 3 лет назад

Improper Certificate Validation in Apache Commons HttpClient

oracle-oval логотип

ELSA-2013-0270

oracle-oval
почти 13 лет назад

ELSA-2013-0270: jakarta-commons-httpclient security update (MODERATE)

3.7 Low

CVSS3

4.3 Medium

CVSS2