CVE-2012-6153 (Medium) detected in commons-httpclient-3.0.jar #21
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2012-6153 - Medium Severity Vulnerability
The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
Path to dependency file: /tmp/ws-scm/AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 20200331003935/downloadResource_c7379491-5bec-4189-8c17-3b3373ee8683/20200331011150/commons-httpclient-3.0.jar
Dependency Hierarchy:
Found in HEAD commit: e0626db424b40bfbf3e3f464e87d6c282f79ac11
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
Publish Date: 2014-09-04
URL: CVE-2012-6153
Base Score Metrics not available
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6153
Release Date: 2014-09-04
Fix Resolution: 4.2.3
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: