Oval Definition:oval:org.mitre.oval:def:21046
Revision Date:2014-02-17Version:11
Title:RHSA-2013:0270: jakarta-commons-httpclient security update (Moderate)
Description:Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CESA-2013:0270
CVE-2012-5783
RHSA-2013:0270-02
Platform(s):CentOS Linux 5
CentOS Linux 6
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s):jakarta-commons-httpclient
Definition Synopsis
  • Operation system section
  • The operating system installed on the system is Red Hat Enterprise Linux 6
  • AND Packages section
  • jakarta-commons-httpclient-javadoc is earlier than 1:3.1-0.7.el6_3
  • OR jakarta-commons-httpclient is earlier than 1:3.1-0.7.el6_3
  • OR jakarta-commons-httpclient-demo is earlier than 1:3.1-0.7.el6_3
  • OR jakarta-commons-httpclient-manual is earlier than 1:3.1-0.7.el6_3
  • Operation system section
  • Redhat 5 or Centos 5 release
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • AND Packages section
  • jakarta-commons-httpclient-javadoc is earlier than 1:3.0-7jpp.2
  • OR jakarta-commons-httpclient is earlier than 1:3.0-7jpp.2
  • OR jakarta-commons-httpclient-demo is earlier than 1:3.0-7jpp.2
  • OR jakarta-commons-httpclient-manual is earlier than 1:3.0-7jpp.2
    • BACK