CVE-2012-6153: Input Validation
First published: Thu Aug 14 2014(Updated: )
Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix related to the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jakarta-commons-httpclient | <1:3.1-4_patch_02.ep5.el5 | 1:3.1-4_patch_02.ep5.el5 |
| redhat/jboss-seam2 | <0:2.2.6.EAP5-22_patch_01.ep5.el5 | 0:2.2.6.EAP5-22_patch_01.ep5.el5 |
| redhat/apache-cxf | <0:2.2.12-14.patch_09.ep5.el5 | 0:2.2.12-14.patch_09.ep5.el5 |
| redhat/jakarta-commons-httpclient | <1:3.1-4_patch_02.el6_5 | 1:3.1-4_patch_02.el6_5 |
| redhat/jboss-seam2 | <0:2.2.6.EAP5-22_patch_01.el6 | 0:2.2.6.EAP5-22_patch_01.el6 |
| redhat/apache-cxf | <0:2.2.12-14.patch_09.el6 | 0:2.2.12-14.patch_09.el6 |
| redhat/devtoolset | <2-httpcomponents-client-0:4.2.1-6.el6 | 2-httpcomponents-client-0:4.2.1-6.el6 |
| redhat/jakarta-commons-httpclient | <1:3.1-4_patch_02.ep5.el4 | 1:3.1-4_patch_02.ep5.el4 |
| redhat/jboss-seam2 | <0:2.2.6.EAP5-22_patch_01.ep5.el4 | 0:2.2.6.EAP5-22_patch_01.ep5.el4 |
| redhat/apache-cxf | <0:2.2.12-14.patch_09.ep5.el4 | 0:2.2.12-14.patch_09.ep5.el4 |
| redhat/httpcomponents-eap6 | <0:6-12.redhat_2.1.ep6.el5 | 0:6-12.redhat_2.1.ep6.el5 |
| redhat/apache-cxf | <0:2.7.12-1.SP1_redhat_5.1.ep6.el5 | 0:2.7.12-1.SP1_redhat_5.1.ep6.el5 |
| redhat/wss4j | <0:1.6.16-2.redhat_3.1.ep6.el5 | 0:1.6.16-2.redhat_3.1.ep6.el5 |
| redhat/httpcomponents-eap6 | <0:6-12.redhat_2.1.ep6.el6 | 0:6-12.redhat_2.1.ep6.el6 |
| redhat/apache-cxf | <0:2.7.12-1.SP1_redhat_5.1.ep6.el6 | 0:2.7.12-1.SP1_redhat_5.1.ep6.el6 |
| redhat/wss4j | <0:1.6.16-2.redhat_3.1.ep6.el6 | 0:1.6.16-2.redhat_3.1.ep6.el6 |
| redhat/httpcomponents-eap6 | <0:6-12.redhat_2.1.ep6.el7 | 0:6-12.redhat_2.1.ep6.el7 |
| redhat/apache-cxf | <0:2.7.12-1.SP1_redhat_5.1.ep6.el7 | 0:2.7.12-1.SP1_redhat_5.1.ep6.el7 |
| redhat/wss4j | <0:1.6.16-2.redhat_3.1.ep6.el7 | 0:1.6.16-2.redhat_3.1.ep6.el7 |
| redhat/httpcomponents-client | <4.2.3 | 4.2.3 |
| Apache Commons-httpclient | >=4.0<=4.2.2 | |
| IBM ISAM | <=9.0.7 | |
| IBM Security Verify Access | <=10.0.0 | |
| maven/org.apache.httpcomponents:httpclient | <4.2.3 | 4.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2012-6153 https://nvd.nist.gov/vuln/detail/CVE-2012-6153
- https://bugzilla.redhat.com/show_bug.cgi?id=1129916
- https://access.redhat.com/errata/RHSA-2014:1320
- https://access.redhat.com/errata/RHSA-2014:1833
- https://access.redhat.com/errata/RHSA-2014:1098
- https://access.redhat.com/errata/RHSA-2014:1892
- https://access.redhat.com/errata/RHSA-2015:0234
- https://access.redhat.com/errata/RHSA-2015:0851
- https://access.redhat.com/errata/RHSA-2014:1891
- https://access.redhat.com/errata/RHSA-2015:0235
- https://access.redhat.com/errata/RHSA-2015:0850
- https://access.redhat.com/errata/RHSA-2015:0765
- https://access.redhat.com/errata/RHSA-2015:0675
- https://access.redhat.com/errata/RHSA-2014:1323
- https://access.redhat.com/errata/RHSA-2014:1836
- https://access.redhat.com/errata/RHSA-2014:1321
- https://access.redhat.com/errata/RHSA-2014:1834
- https://access.redhat.com/errata/RHSA-2014:1163
- https://access.redhat.com/errata/RHSA-2014:2020
- https://access.redhat.com/errata/RHSA-2014:1162
- https://access.redhat.com/errata/RHSA-2014:2019
- https://access.redhat.com/errata/RHSA-2015:0720
- https://access.redhat.com/errata/RHSA-2014:1904
- https://access.redhat.com/errata/RHSA-2015:1009
- https://access.redhat.com/errata/RHSA-2015:1888
- https://access.redhat.com/errata/RHSA-2015:0125
- https://access.redhat.com/errata/RHSA-2014:1322
- https://access.redhat.com/errata/RHSA-2014:1835
- https://access.redhat.com/errata/RHSA-2015:0158
- https://access.redhat.com/security/cve/CVE-2012-6153
- https://access.redhat.com/security/cve/CVE-2012-5783
- http://svn.apache.org/viewvc?view=revision&revision=1411705
- https://access.redhat.com/solutions/1165533
- https://access.redhat.com/support/policy/updates/jboss_notes/
- https://access.redhat.com/support/policy/updates/fusesource/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1130941
- https://access.redhat.com/security/cve/CVE-2014-3577
- https://rhn.redhat.com/errata/RHSA-2014-1082.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=873317
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1129074
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1129916#c19
- https://rhn.redhat.com/errata/RHSA-2014-1098.html
- https://rhn.redhat.com/errata/RHSA-2014-1162.html
- https://rhn.redhat.com/errata/RHSA-2014-1163.html
- https://rhn.redhat.com/errata/RHSA-2014-1322.html
- https://rhn.redhat.com/errata/RHSA-2014-1320.html
- https://rhn.redhat.com/errata/RHSA-2014-1323.html
- https://rhn.redhat.com/errata/RHSA-2014-1321.html
- https://rhn.redhat.com/errata/RHSA-2014-1836.html
- https://rhn.redhat.com/errata/RHSA-2014-1835.html
- https://rhn.redhat.com/errata/RHSA-2014-1834.html
- https://rhn.redhat.com/errata/RHSA-2014-1833.html
- https://rhn.redhat.com/errata/RHSA-2014-1892.html
- https://rhn.redhat.com/errata/RHSA-2014-1891.html
- https://rhn.redhat.com/errata/RHSA-2014-1904.html
- https://rhn.redhat.com/errata/RHSA-2014-2020.html
- https://rhn.redhat.com/errata/RHSA-2014-2019.html
- https://rhn.redhat.com/errata/RHSA-2015-0125.html
- https://rhn.redhat.com/errata/RHSA-2015-0158.html
- https://rhn.redhat.com/errata/RHSA-2015-0235.html
- https://rhn.redhat.com/errata/RHSA-2015-0234.html
- https://rhn.redhat.com/errata/RHSA-2015-0675.html
- https://rhn.redhat.com/errata/RHSA-2015-0720.html
- https://rhn.redhat.com/errata/RHSA-2015-0765.html
- https://rhn.redhat.com/errata/RHSA-2015-0851.html
- https://rhn.redhat.com/errata/RHSA-2015-0850.html
- https://rhn.redhat.com/errata/RHSA-2015-1009.html
- https://rhn.redhat.com/errata/RHSA-2015-1888.html
- http://rhn.redhat.com/errata/RHSA-2014-1098.html
- http://rhn.redhat.com/errata/RHSA-2014-1833.html
- http://rhn.redhat.com/errata/RHSA-2014-1834.html
- http://rhn.redhat.com/errata/RHSA-2014-1835.html
- http://rhn.redhat.com/errata/RHSA-2014-1836.html
- http://rhn.redhat.com/errata/RHSA-2014-1891.html
- http://rhn.redhat.com/errata/RHSA-2014-1892.html
- http://rhn.redhat.com/errata/RHSA-2015-0125.html
- http://rhn.redhat.com/errata/RHSA-2015-0158.html
- http://rhn.redhat.com/errata/RHSA-2015-0675.html
- http://rhn.redhat.com/errata/RHSA-2015-0720.html
- http://rhn.redhat.com/errata/RHSA-2015-0765.html
- http://rhn.redhat.com/errata/RHSA-2015-0850.html
- http://rhn.redhat.com/errata/RHSA-2015-0851.html
- http://rhn.redhat.com/errata/RHSA-2015-1888.html
- http://www.securityfocus.com/bid/69257
- http://www.ubuntu.com/usn/USN-2769-1
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95328
- https://www.ibm.com/support/pages/node/6348046 (Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2012-6153
- https://github.com/advisories/GHSA-2x83-r56g-cv47 (Advisory)
- https://github.com/apache/httpcomponents-client/commit/6e14fc146a66e0f3eb362f45f95d1a58ee18886a
- https://github.com/apache/httpcomponents-client/commit/b930227f907af1198765fc47beabbddae344ca7b
Parent vulnerabilities
(Appears in the following advisories)
- RHSA-2014:1320
- RHSA-2014:1833
- RHSA-2014:1098
- RHSA-2014:1892
- RHSA-2015:0234
- RHSA-2015:0851
- RHSA-2014:1891
- RHSA-2015:0235
- RHSA-2015:0850
- RHSA-2015:0765
- RHSA-2015:0675
- RHSA-2014:1323
- RHSA-2014:1836
- RHSA-2014:1321
- RHSA-2014:1834
- RHSA-2014:1163
- RHSA-2014:2020
- RHSA-2014:1162
- RHSA-2014:2019
- RHSA-2015:0720
- RHSA-2014:1904
- RHSA-2015:1009
- RHSA-2015:1888
- RHSA-2015:0125
- RHSA-2014:1322
- RHSA-2014:1835
- RHSA-2015:0158
- IBM-6348046
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2012-6153.
What is the severity of CVE-2012-6153?
The severity of CVE-2012-6153 is high with a score of 4.3.
What is the affected software?
The affected software includes jakarta-commons-httpclient, jboss-seam2, apache-cxf, devtoolset, httpcomponents-client, Apache Commons-httpclient, IBM ISAM, and IBM Security Verify Access.
What is the fix for CVE-2012-6153?
There is no specific fix mentioned in the provided information, but it is recommended to update to the latest version of the affected software.
Where can I find more information about CVE-2012-6153?
You can find more information about CVE-2012-6153 on CVE website (https://www.cve.org/CVERecord?id=CVE-2012-6153) and NVD website (https://nvd.nist.gov/vuln/detail/CVE-2012-6153).
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-2x83-r56g-cv47
- alias/CVE-2012-6153
- agent/software-canonical-lookup
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/softwarecombine
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/event
- collector/nvd-cve
- source/NVD
- agent/author
- collector/github-advisory
- collector/ibm-support
- source/IBM
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/apache
- canonical/apache commons-httpclient
- version/apache commons-httpclient/4.0
- version/apache commons-httpclient/4.2.2
- package-manager/maven
- vendor/ibm
- canonical/ibm isam
- version/ibm isam/9.0.7
- canonical/ibm security verify access
- version/ibm security verify access/10.0.0