advisories/8933.adv

type: security
subject: Updated jakarta-commons-httpclient package fixes security vulnerability
CVE:
 - CVE-2012-5783
src:
  2:
   core:
     - jakarta-commons-httpclient-3.1-3.1.mga2
description: |
  The Jakarta Commons HttpClient component did not verify that the server
  hostname matched the domain name in the subject's Common Name (CN) or
  subjectAltName field in X.509 certificates. This could allow a
  man-in-the-middle attacker to spoof an SSL server if they had a certificate
  that was valid for any domain name (CVE-2012-5783).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=8933
 - https://rhn.redhat.com/errata/RHSA-2013-0270.html
1	type: security
2	subject: Updated jakarta-commons-httpclient package fixes security vulnerability
3	CVE:
4	- CVE-2012-5783
5	src:
6	2:
7	core:
8	- jakarta-commons-httpclient-3.1-3.1.mga2
9	description: \|
10	The Jakarta Commons HttpClient component did not verify that the server
11	hostname matched the domain name in the subject's Common Name (CN) or
12	subjectAltName field in X.509 certificates. This could allow a
13	man-in-the-middle attacker to spoof an SSL server if they had a certificate
14	that was valid for any domain name (CVE-2012-5783).
15	references:
16	- https://bugs.mageia.org/show_bug.cgi?id=8933
17	- https://rhn.redhat.com/errata/RHSA-2013-0270.html