type: security
subject: Updated jakarta-commons-httpclient package fixes security vulnerability
CVE:
 - CVE-2012-5783
src:
  2:
   core:
     - jakarta-commons-httpclient-3.1-3.1.mga2
description: |
  The Jakarta Commons HttpClient component did not verify that the server
  hostname matched the domain name in the subject's Common Name (CN) or
  subjectAltName field in X.509 certificates. This could allow a
  man-in-the-middle attacker to spoof an SSL server if they had a certificate
  that was valid for any domain name (CVE-2012-5783).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=8933
 - https://rhn.redhat.com/errata/RHSA-2013-0270.html
ID: MGASA-2013-0199