Oval Definition:oval:org.mitre.oval:def:23687
Revision Date:2014-05-26
Version:13
Title:ELSA-2013:0270: jakarta-commons-httpclient security update (Moderate)
Description:Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Family:unix
Class:patch
Status:ACCEPTED
Reference(s):CVE-2012-5783
ELSA-2013:0270-02
Platform(s):Oracle Linux 5
Oracle Linux 6
Product(s):jakarta-commons-httpclient
Definition Synopsis
  • rpm test
  • Oracle Linux 6.x
  • AND rpm test
  • jakarta-commons-httpclient-javadoc is earlier than 1:3.1-0.7.el6_3
  • OR jakarta-commons-httpclient is earlier than 1:3.1-0.7.el6_3
  • OR jakarta-commons-httpclient-demo is earlier than 1:3.1-0.7.el6_3
  • OR jakarta-commons-httpclient-manual is earlier than 1:3.1-0.7.el6_3
  • OR rpm test
  • Oracle Linux 5.x
  • AND rpm test
  • jakarta-commons-httpclient-javadoc is earlier than 1:3.0-7jpp.2
  • OR jakarta-commons-httpclient is earlier than 1:3.0-7jpp.2
  • OR jakarta-commons-httpclient-demo is earlier than 1:3.0-7jpp.2
  • OR jakarta-commons-httpclient-manual is earlier than 1:3.0-7jpp.2