Several security issues were fixed in commons-httpclient ...
Synopsis
Moderate: jakarta-commons-httpclient security update
Type/Severity
Security Advisory: Moderate
Topic
An updated jakarta-commons-httpclient package for JBoss Enterprise Application Platform 520 which fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Secur ...
Synopsis
Moderate: jakarta-commons-httpclient security update
Type/Severity
Security Advisory: Moderate
Topic
Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moder ...
Synopsis
Critical: Red Hat Fuse 712 release and security update
Type/Severity
Security Advisory: Critical
Topic
A minor version update (from 711 to 712) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as h ...
Synopsis
Moderate: jakarta-commons-httpclient security update
Type/Severity
Security Advisory: Moderate
Topic
An updated jakarta-commons-httpclient package for JBoss Enterprise Web Platform 520 which fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Resp ...
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 632 security update
Type/Severity
Security Advisory: Important
Topic
Updated Red Hat JBoss Enterprise Application Platform 632 packages that fix three security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Produc ...
Debian Bug report logs -
#692650
axis: CVE-2012-5784
Package:
axis;
Maintainer for axis is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>;
Reported by: Moritz Muehlenhoff <jmm@inutilorg>
Date: Thu, 8 Nov 2012 07:15:02 UTC
Severity: grave
Tags: patch, security
Fixed in versions axis/14-162 ...
Debian Bug report logs -
#692442
CVE-2012-5783: Insecure certificate validation
Package:
commons-httpclient;
Maintainer for commons-httpclient is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>;
Reported by: Moritz Muehlenhoff <jmm@inutilorg>
Date: Tue, 6 Nov 2012 11:00:01 UTC
Severity: impor ...
Debian Bug report logs -
#758086
CVE-2014-3577 Apache HttpComponents hostname verification bypass
Package:
commons-httpclient;
Maintainer for commons-httpclient is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>;
Reported by: Henri Salo <henri@nervfi>
Date: Thu, 14 Aug 2014 07:15:02 UTC
Severi ...
The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name (CVE-2012-5783) ...
Apache Commons HttpClient 3x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid ...