Lucene search
F5F5:K15741HistoryOct 27, 2014 - 12:00 a.m.
K15741 : Apache Commons HttpClient vulnerability CVE-2012-6153
2014-10-2700:00:00
my.f5.com
16
Security Advisory Description
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. (CVE-2012-6153)
Note: this issue exists because of an incomplete fix for CVE-2012-5783.
Impact
None. No F5 products are affected by this vulnerability.
Related
ubuntucve
ubuntucve
nvd
nvd
github
github
Improper certificate validation in org.apache.httpcomponents:httpclient
2018-10-17 00:05:15
Improper Certificate Validation in apache HttpClient
2022-05-13 01:10:34
Jenkins Swarm Plugin Client vulnerable to man-in-the-middle attacks
2022-05-14 03:45:42
debiancve
debiancve
CVE-2012-6153
2014-09-04 17:55:04
CVE-2012-5783
2012-11-04 22:55:03
osv
osv
Improper certificate validation in org.apache.httpcomponents:httpclient
2018-10-17 00:05:15
commons-httpclient - security update
2015-05-19 00:00:00
Improper Certificate Validation in apache HttpClient
2022-05-13 01:10:34
f5
f5
K15364328 : Apache vulnerabilities CVE-2012-5783 and CVE-2012-6153
2016-02-02 00:00:00
SOL15741 - Apache Commons HttpClient vulnerability CVE-2012-6153
2014-10-27 00:00:00
cve
cve
veracode
veracode
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 08:59:46
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 08:56:38
prion
prion
Design/Logic Flaw
2014-09-04 17:55:00
Code injection
2012-11-04 22:55:00
Design/Logic Flaw
2018-01-26 02:29:00
cvelist
cvelist
nessus
nessus
Debian DLA-222-1 : commons-httpclient security update
2015-05-20 00:00:00
RHEL 4 / 5 / 6 : JBoss EAP (RHSA-2014:1321)
2014-10-01 00:00:00
RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2014:1162)
2014-09-08 00:00:00
amazon
amazon
Important: jakarta-commons-httpclient
2014-09-17 21:47:00
Medium: jakarta-commons-httpclient
2013-03-14 22:04:00
redhat
redhat
debian
debian
[SECURITY] [DLA 222-1] commons-httpclient security update
2015-05-19 15:18:39
openvas
openvas
Fedora Update for jakarta-commons-httpclient FEDORA-2014-9539
2014-08-27 00:00:00
Debian: Security Advisory (DLA-222-1)
2023-03-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-410)
2015-09-08 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: jakarta-commons-httpclient-3.1-15.fc19
2014-08-27 01:28:57
[SECURITY] Fedora 20 Update: jakarta-commons-httpclient-3.1-15.fc20
2014-08-27 01:31:46
[SECURITY] Fedora 16 Update: jakarta-commons-httpclient-3.1-12.fc16
2013-02-01 16:49:49
ibm
ibm
securityvulns
securityvulns
[USN-2769-1] Apache Commons HttpClient
2015-10-25 00:00:00
[ MDVSA-2014:170 ] jakarta-commons-httpclient
2014-10-15 00:00:00
ubuntu
ubuntu
Apache Commons HttpClient vulnerabilities
2015-10-14 00:00:00
mageia
mageia
wolfi
wolfi
CVE-2012-5783 vulnerabilities
2024-07-01 09:08:36
oraclelinux
oraclelinux
jakarta-commons-httpclient security update
2013-02-19 00:00:00
centos
centos
jakarta security update
2013-02-20 02:59:36
aix
aix
AIX is vulnerable to an SSL server spoof due to Apache Commons HttpClient
2023-04-13 13:44:57
cgr
cgr
CVE-2012-5783 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2017-1000402
2017-11-21 11:23:42
CVE-2017-1000396
2017-11-21 11:21:17
freebsd
freebsd
Axis2 -- Security vulnerabilities on dependency Apache HttpClient
2012-12-06 00:00:00
atlassian
atlassian