Oval Definition: oval:com.redhat.rhsa:def:20141146
Revision Date: 2014-09-03
Version: 634
Title: RHSA-2014:1146: httpcomponents-client security update (Important)
Description: HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore.

  • It was discovered that HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577)

    For additional information on this flaw, refer to the Knowledgebase article in the References section.

    All httpcomponents-client users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2014-3577
    RHSA-2014:1146
    RHSA-2014:1146-00
    RHSA-2014:1146-01
    Platform(s): Red Hat Enterprise Linux 7
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • httpcomponents-client is earlier than 0:4.2.5-5.el7_0
  • AND httpcomponents-client is signed with Red Hat redhatrelease2 key
  • httpcomponents-client-javadoc is earlier than 0:4.2.5-5.el7_0
  • AND httpcomponents-client-javadoc is signed with Red Hat redhatrelease2 key