MGASA-2013-0199

Source
https://advisories.mageia.org/MGASA-2013-0199.html
Import Source
https://advisories.mageia.org/MGASA-2013-0199.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2013-0199
Published
2013-07-06T14:11:31Z
Modified
2013-07-06T14:11:26Z
Summary
Updated jakarta-commons-httpclient package fixes security vulnerability
Details

The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name (CVE-2012-5783).

Affected packages

Mageia:2 / jakarta-commons-httpclient

Package

Name
jakarta-commons-httpclient
Purl
pkg:rpm/mageia/jakarta-commons-httpclient?distro=mageia-2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1-3.1.mga2

Ecosystem specific

{
    "section": "core"
}