davidwhodgins | 117
type: security
subject: Updated jakarta-commons-httpclient package fixes security vulnerability
CVE:
 - CVE-2012-5783
src:
  2:
    core:
     - jakarta-commons-httpclient-3.1-3.1.mga2
description: |
  The Jakarta Commons HttpClient component did not verify that the server
  hostname matched the domain name in the subject's Common Name (CN) or
  subjectAltName field in X.509 certificates. This could allow a
  man-in-the-middle attacker to spoof an SSL server if they had a certificate
  that was valid for any domain name (CVE-2012-5783).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=8933
 - https://rhn.redhat.com/errata/RHSA-2013-0270.html
boklm | 142
ID: MGASA-2013-0199