
Improper Certificate Validation (CVE-2012-5783) #78

@vdenotaris

Improper Certificate Validation
commons-httpclient:commons-httpclient is a component of the Apache HttpComponents project.

Affected versions of this package are vulnerable to Man-in-the-Middle attacks due to not verifying that the requesting server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Depending on
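The missing check described above, as an added example (not code from commons-httpclient or this project): a minimal RFC 2818 style matcher for DNS names only, where the class name, method names and the `.test` hostnames are constructed for illustration. IP-address and internationalized names are out of scope here.

```java
import java.util.List;
import java.util.Locale;

public class HostnameCheck {
    /** SAN dNSName entries take precedence; the subject CN is consulted only when there are none. */
    static boolean matches(String host, List<String> sanDnsNames, String subjectCn) {
        List<String> candidates = sanDnsNames;
        if (candidates.isEmpty() && subjectCn != null) {
            candidates = List.of(subjectCn);
        }
        String h = normalize(host);
        for (String pattern : candidates) {
            if (matchesPattern(h, normalize(pattern))) return true;
        }
        return false;
    }

    /** DNS names compare case-insensitively; a trailing root dot is ignored. */
    static String normalize(String name) {
        String n = name.toLowerCase(Locale.ROOT);
        return n.endsWith(".") ? n.substring(0, n.length() - 1) : n;
    }

    static boolean matchesPattern(String host, String pattern) {
        if (!pattern.startsWith("*.")) return host.equals(pattern);
        String suffix = pattern.substring(1);           // e.g. ".bank.test"
        if (suffix.indexOf('.', 1) < 0) return false;   // refuse "*.test"-style patterns
        if (!host.endsWith(suffix)) return false;
        String label = host.substring(0, host.length() - suffix.length());
        return !label.isEmpty() && label.indexOf('.') < 0; // wildcard covers exactly one label
    }

    public static void main(String[] args) {
        String host = "login.bank.test"; // constructed: the name the client asked for
        // Certificate issued for the requested name.
        System.out.println(matches(host, List.of("login.bank.test"), null));
        // Chain-valid certificate issued for a different name: must be rejected.
        System.out.println(matches(host, List.of("attacker.test"), "attacker.test"));
        // CN equals the host, but a SAN is present and does not: CN must be ignored.
        System.out.println(matches(host, List.of("attacker.test"), "login.bank.test"));
        // Wildcard matches a single left-most label only.
        System.out.println(matches(host, List.of("*.bank.test"), null));
        System.out.println(matches("a.login.bank.test", List.of("*.bank.test"), null));
    }
}
```

In production code, rely on the platform's verifier rather than a hand-written matcher, for example by calling `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")` on the socket's parameters before the handshake.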

Labels: kind/bug, priority/important-soon
