First published: Tue Feb 19 2013
The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications (such as web browsers and web service clients).

The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. (CVE-2012-5783)

All users of jakarta-commons-httpclient are advised to upgrade to these updated packages, which correct this issue. Applications using the Jakarta Commons HttpClient component must be restarted for this update to take effect.
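
The hostname check whose absence is described above, as an added Java illustration (not code from Jakarta Commons HttpClient or from the Red Hat update): it compares the requested host with the certificate's subjectAltName DNS entries, falling back to the CN only when there are none. The class and method names are hypothetical, the certificate names are constructed sample data, and the matching is a simplified sketch that handles DNS names only.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
// Added illustration; not code from Jakarta Commons HttpClient or the Red Hat update.
public class HostnameCheckExample {

    // Returns true if `host` is covered by the certificate's names.
    // dnsSans: subjectAltName dNSName entries; cn: subject Common Name (may be null).
    static boolean hostMatchesCert(String host, List<String> dnsSans, String cn) {
        // dNSName entries take precedence; the CN is consulted only when there are none.
        List<String> names = dnsSans;
        if (names.isEmpty() && cn != null) {
            names = Collections.singletonList(cn);
        }
        String wanted = host.toLowerCase(Locale.ROOT);
        for (String name : names) {
            if (matches(wanted, name.toLowerCase(Locale.ROOT))) {
                return true;
            }
        }
        return false;
    }

    // Exact match, or a leading "*." wildcard standing for exactly one label.
    static boolean matches(String host, String pattern) {
        if (!pattern.startsWith("*.")) {
            return host.equals(pattern);
        }
        String suffix = pattern.substring(1);      // "*.example.com" -> ".example.com"
        if (suffix.indexOf('.', 1) < 0) {
            return false;                          // refuse patterns such as "*.com"
        }
        int firstDot = host.indexOf('.');
        return firstDot > 0 && host.substring(firstDot).equals(suffix);
    }

    public static void main(String[] args) {
        // Constructed sample data: names carried by hypothetical certificates.
        List<String> sans = Arrays.asList("www.example.com", "*.api.example.com");
        List<String> noSans = Collections.emptyList();
        System.out.println("listed SAN:         " + hostMatchesCert("www.example.com", sans, null));
        System.out.println("one-label wildcard: " + hostMatchesCert("v1.api.example.com", sans, null));
        System.out.println("two-label wildcard: " + hostMatchesCert("a.b.api.example.com", sans, null));
        System.out.println("unrelated host:     " + hostMatchesCert("bank.example.net", sans, null));
        System.out.println("CN fallback:        " + hostMatchesCert("legacy.example.org", noSans, "legacy.example.org"));
        System.out.println("CN with SANs set:   " + hostMatchesCert("bank.example.net", sans, "bank.example.net"));
    }
}
```

In application code, prefer the JDK's built-in check, enabled on an `SSLSocket` via `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")`, over a hand-written matcher.
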
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jakarta-commons-httpclient | <3.1-0.7.el6_3 | 3.1-0.7.el6_3 |
redhat/jakarta-commons-httpclient-debuginfo | <3.1-0.7.el6_3 | 3.1-0.7.el6_3 |
redhat/jakarta-commons-httpclient-demo | <3.1-0.7.el6_3 | 3.1-0.7.el6_3 |
redhat/jakarta-commons-httpclient-javadoc | <3.1-0.7.el6_3 | 3.1-0.7.el6_3 |
redhat/jakarta-commons-httpclient-manual | <3.1-0.7.el6_3 | 3.1-0.7.el6_3 |