USN-2769-1
- Source
- https://ubuntu.com/security/notices/USN-2769-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2769-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-2769-1
- Related
- Published
- 2015-10-14T15:43:52.896434Z
- Modified
- 2015-10-14T15:43:52.896434Z
- Summary
- commons-httpclient vulnerabilities
- Details
-
It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5783)
Florian Weimer discovered the fix for CVE-2012-5783 was incomplete for Apache Commons HttpClient. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-6153)
Subodh Iyengar and Will Shackleton discovered the fix for CVE-2012-5783 was incomplete for Apache Commons HttpClient. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3577)
It was discovered that Apache Commons HttpClient did not properly handle read timeouts during HTTPS handshakes. A remote attacker could trigger this flaw to cause a denial of service. (CVE-2015-5262)
- References