apache commons-httpclient vulnerabilities and exploits

(subscribe to this query)

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient prior to 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle maliciou...

Apache Commons-httpclient

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which all...

Apache Httpclient 3.1 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 15.04

1 Github repository

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient prior to 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote malicious users to cause a denial of service (HTTPS call hang) via unspecified vecto...

Fedoraproject Fedora 22 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 14.04 Fedoraproject Fedora 23 Fedoraproject Fedora 21 Canonical Ubuntu Linux 15.04 Apache Httpclient

5 Github repositories

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient prior to 4.3.5 and HttpAsyncClient prior to 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 cert...

Apache Httpclient Apache Httpasyncclient

4 Github repositories

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook