Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-5783

Опубликовано: 16 окт. 2012
Источник: redhat
CVSS3: 3.7
CVSS2: 4.3
EPSS Низкий

Описание

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat JBoss Enterprise Web Server 1jakarta-commons-httpclientWill not fix
Red Hat JBoss Fuse 6apache-commons-httpclientAffected
Red Hat JBoss Operations Network 3.1jakarta-commons-httpclientAffected
Red Hat JBoss Portal 4jakarta-commons-httpclientWill not fix
Red Hat JBoss Portal 5jakarta-commons-httpclientWill not fix
Red Hat JBoss SOA Platform 4.2jakarta-commons-httpclientWill not fix
Red Hat JBoss SOA Platform 4.3jakarta-commons-httpclientWill not fix
Red Hat Satellite 5.0jakarta-commons-httpclientWill not fix
Red Hat Satellite 5.1jakarta-commons-httpclientWill not fix
Red Hat Satellite 5.2jakarta-commons-httpclientWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=873317jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

EPSS

Процентиль: 70%
0.00649
Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-5783

ubuntu
около 13 лет назад

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

nvd логотип

CVE-2012-5783

nvd
около 13 лет назад

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

debian логотип

CVE-2012-5783

debian
около 13 лет назад

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Ser ...

github логотип

GHSA-3832-9276-x7gf

github
больше 3 лет назад

Improper Certificate Validation in Apache Commons HttpClient

oracle-oval логотип

ELSA-2013-0270

oracle-oval
больше 12 лет назад

ELSA-2013-0270: jakarta-commons-httpclient security update (MODERATE)

EPSS

Процентиль: 70%
0.00649
Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2