CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS
Percentile
73.3%
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities: The Jakarta Commons HttpClient component may be susceptible to a ‘Man in the Middle Attack’ due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used (CVE-2012-6153). The Apache httpcomponents HttpClient component may be susceptible to a ‘Man in the Middle Attack’ due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used (CVE-2014-3577).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | jakarta-commons-httpclient | < 3.1-11.1 | jakarta-commons-httpclient-3.1-11.1.mga4 |
Mageia | 4 | noarch | httpcomponents-client | < 4.3.5-1 | httpcomponents-client-4.3.5-1.mga4 |