Lucene search
Redhat.comRH:CVE-2017-1000396HistoryNov 21, 2017 - 11:21 a.m.
CVE-2017-1000396
2017-11-2111:21:17
redhat.com
access.redhat.com
11
0.001 Low
EPSS
Percentile
51.3%
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins plugins. The fix for CVE-2012-6153 was backported to the version of commons-httpclient that is bundled in core and made available to plugins.
Related
cvelist
cvelist
CVE-2017-1000396
2018-01-26 02:00:00
CVE-2017-1000397
2018-01-26 02:00:00
CVE-2017-1000402
2018-01-26 02:00:00
github
github
Improper Certificate Validation in Jenkins
2022-05-14 01:04:35
MitM on Jenkins Maven Plugin
2022-05-14 03:45:43
Improper certificate validation in org.apache.httpcomponents:httpclient
2018-10-17 00:05:15
ubuntucve
ubuntucve
cve
cve
CVE-2017-1000396
2018-01-26 02:29:00
CVE-2017-1000402
2018-01-26 02:29:01
CVE-2012-6153
2014-09-04 17:55:04
osv
osv
Improper Certificate Validation in Jenkins
2022-05-14 01:04:35
CVE-2017-1000396
2018-01-26 02:29:00
Improper certificate validation in org.apache.httpcomponents:httpclient
2018-10-17 00:05:15
prion
prion
Design/Logic Flaw
2018-01-26 02:29:00
Design/Logic Flaw
2018-01-26 02:29:00
Design/Logic Flaw
2014-09-04 17:55:00
nvd
nvd
CVE-2017-1000396
2018-01-26 02:29:00
CVE-2017-1000402
2018-01-26 02:29:01
CVE-2012-6153
2014-09-04 17:55:04
redhat
redhat
nessus
nessus
RHEL 6 : devtoolset-2-httpcomponents-client (RHSA-2014:1098)
2014-11-08 00:00:00
RHEL 5 / 6 : JBoss EAP (RHSA-2014:1834)
2014-11-12 00:00:00
mageia
mageia
securityvulns
securityvulns
[ MDVSA-2014:170 ] jakarta-commons-httpclient
2014-10-15 00:00:00
openvas
openvas
RedHat Update for jakarta-commons-httpclient RHSA-2014:1166-01
2014-09-09 00:00:00
CentOS Update for jakarta-commons-httpclient CESA-2014:1166 centos7
2014-09-10 00:00:00
CentOS Update for jakarta-commons-httpclient CESA-2014:1166 centos6
2014-09-09 00:00:00
ibm
ibm
freebsd
freebsd
Axis2 -- Security vulnerabilities on dependency Apache HttpClient
2012-12-06 00:00:00
f5
f5
K15364328 : Apache vulnerabilities CVE-2012-5783 and CVE-2012-6153
2016-02-02 00:00:00
K15741 : Apache Commons HttpClient vulnerability CVE-2012-6153
2014-10-27 00:00:00
SOL15741 - Apache Commons HttpClient vulnerability CVE-2012-6153
2014-10-27 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: httpcomponents-client-4.2.5-4.fc20
2014-08-30 03:58:27
[SECURITY] Fedora 19 Update: httpcomponents-client-4.2.5-4.fc19
2014-08-30 03:57:30
[SECURITY] Fedora 19 Update: jakarta-commons-httpclient-3.1-15.fc19
2014-08-27 01:28:57
veracode
veracode
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 08:59:46
redhatcve
redhatcve
CVE-2017-1000402
2017-11-21 11:23:42
debiancve
debiancve
CVE-2012-6153
2014-09-04 17:55:04
amazon
amazon
Important: jakarta-commons-httpclient
2014-09-17 21:47:00
debian
debian
[SECURITY] [DLA 222-1] commons-httpclient security update
2015-05-19 15:18:39
ubuntu
ubuntu
Apache Commons HttpClient vulnerabilities
2015-10-14 00:00:00