Oval Definition: oval:org.mitre.oval:def:26499
Revision Date: 2014-11-10
Version: 9
Title: RHSA-2014:1166: jakarta-commons-httpclient security update (Important)
Description: Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577) For additional information on this flaw, refer to the Knowledgebase article in the References section. All jakarta-commons-httpclient users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CESA-2014:1166
CVE-2014-3577
RHSA-2014:1166-00
Platform(s): CentOS Linux 5
CentOS Linux 6
CentOS Linux 7
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Product(s): jakarta-commons-httpclient
Definition Synopsis
  • Operating system section
    • Redhat 5 or Centos 5 release
      • The operating system installed on the system is Red Hat Enterprise Linux 5
      • OR The operating system installed on the system is CentOS Linux 5.x
  • AND Packages section
    • jakarta-commons-httpclient is earlier than 1:3.0-7jpp.4.el5_10
    • OR jakarta-commons-httpclient-demo is earlier than 1:3.0-7jpp.4.el5_10
    • OR jakarta-commons-httpclient-javadoc is earlier than 1:3.0-7jpp.4.el5_10
    • OR jakarta-commons-httpclient-manual is earlier than 1:3.0-7jpp.4.el5_10
  • Operating system section
    • Redhat 6 or Centos 6 release
      • The operating system installed on the system is Red Hat Enterprise Linux 6
      • OR The operating system installed on the system is CentOS Linux 6.x
  • AND Packages section
    • jakarta-commons-httpclient is earlier than 1:3.1-0.9.el6_5
    • OR jakarta-commons-httpclient-demo is earlier than 1:3.1-0.9.el6_5
    • OR jakarta-commons-httpclient-javadoc is earlier than 1:3.1-0.9.el6_5
    • OR jakarta-commons-httpclient-manual is earlier than 1:3.1-0.9.el6_5
  • Operating system section
    • Redhat 7 or Centos 7 release
      • The operating system installed on the system is Red Hat Enterprise Linux 7
      • OR The operating system installed on the system is CentOS Linux 7.x
  • AND Packages section
    • jakarta-commons-httpclient is earlier than 1:3.1-16.el7_0
    • OR jakarta-commons-httpclient-demo is earlier than 1:3.1-16.el7_0
    • OR jakarta-commons-httpclient-javadoc is earlier than 1:3.1-16.el7_0
    • OR jakarta-commons-httpclient-manual is earlier than 1:3.1-16.el7_0