RHSA-2014:1166: jakarta-commons-httpclient security update

Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: August 21, 2014
Added: September 19, 2014
Modified: July 04, 2017

Description

Jakarta Commons HTTPClient implements the client side of HTTP standards.

It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577)

For additional information on this flaw, refer to the Knowledgebase article in the References section.

All jakarta-commons-httpclient users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

References

Solution

redhat-upgrade-jakarta-commons-httpclient