| 1 |
davidwhodgins |
117 |
type: security |
| 2 |
|
|
subject: Updated jakarta-commons-httpclient package fixes security vulnerability |
| 3 |
|
|
CVE: |
| 4 |
|
|
- CVE-2012-5783 |
| 5 |
|
|
src: |
| 6 |
|
|
2: |
| 7 |
|
|
core: |
| 8 |
|
|
- jakarta-commons-httpclient-3.1-3.1.mga2 |
| 9 |
|
|
description: | |
| 10 |
|
|
The Jakarta Commons HttpClient component did not verify that the server |
| 11 |
|
|
hostname matched the domain name in the subject's Common Name (CN) or |
| 12 |
|
|
subjectAltName field in X.509 certificates. This could allow a |
| 13 |
|
|
man-in-the-middle attacker to spoof an SSL server if they had a certificate |
| 14 |
|
|
that was valid for any domain name (CVE-2012-5783). |
| 15 |
|
|
references: |
| 16 |
|
|
- https://bugs.mageia.org/show_bug.cgi?id=8933 |
| 17 |
|
|
- https://rhn.redhat.com/errata/RHSA-2013-0270.html |
| 18 |
boklm |
142 |
ID: MGASA-2013-0199 |
Parent Directory
| 
Revision Log