You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
Path to dependency file: /tmp/ws-scm/AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 20200331003935/downloadResource_c7379491-5bec-4189-8c17-3b3373ee8683/20200331011150/commons-httpclient-3.0.jar
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
CVE-2012-6153 - Medium Severity Vulnerability
The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
Path to dependency file: /tmp/ws-scm/AddOnJavaAntTasks/pom.xml
Path to vulnerable library: 20200331003935/downloadResource_c7379491-5bec-4189-8c17-3b3373ee8683/20200331011150/commons-httpclient-3.0.jar
Dependency Hierarchy:
Found in HEAD commit: e0626db424b40bfbf3e3f464e87d6c282f79ac11
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
Publish Date: 2014-09-04
URL: CVE-2012-6153
Base Score Metrics not available
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6153
Release Date: 2014-09-04
Fix Resolution: 4.2.3
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: