Oval Definition:	oval:org.mitre.oval:def:27050
Revision Date: 2015-02-23 Version: 11 Title: ELSA-2014-1166 -- jakarta-commons-httpclient security update (Important) Description: Jakarta Commons HTTPClient implements the client side of HTTP standards.It was discovered that the HTTPClient incorrectly extracted host name froman X.509 certificate subject's Common Name (CN) field. A man-in-the-middleattacker could use this flaw to spoof an SSL server using a speciallycrafted X.509 certificate. (CVE-2014-3577)For additional information on this flaw, refer to the Knowledgebasearticle in the References section.All jakarta-commons-httpclient users are advised to upgrade to theseupdated packages, which contain a backported patch to correct this issue. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2012-6153 CVE-2014-3577 ELSA-2014-1166 Platform(s): Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 Product(s): jakarta-commons-httpclient Definition Synopsis Oracle Linux 7 release section Oracle Linux 7.x AND Packages match section jakarta-commons-httpclient RPM is earlier than 1:3.1-16.el7_0 OR jakarta-commons-httpclient-demo RPM is earlier than 1:3.1-16.el7_0 OR jakarta-commons-httpclient-javadoc RPM is earlier than 1:3.1-16.el7_0 OR jakarta-commons-httpclient-manual RPM is earlier than 1:3.1-16.el7_0 Oracle Linux 6 release section Oracle Linux 6.x AND Packages match section jakarta-commons-httpclient RPM is earlier than 1:3.1-0.9.el6_5 OR jakarta-commons-httpclient-demo RPM is earlier than 1:3.1-0.9.el6_5 OR jakarta-commons-httpclient-javadoc RPM is earlier than 1:3.1-0.9.el6_5 OR jakarta-commons-httpclient-manual RPM is earlier than 1:3.1-0.9.el6_5 Oracle Linux 5 release section Oracle Linux 5.x AND Packages match section jakarta-commons-httpclient RPM is earlier than 1:3.0-7jpp.4.el5_10 OR jakarta-commons-httpclient-demo RPM is earlier than 1:3.0-7jpp.4.el5_10 OR jakarta-commons-httpclient-javadoc RPM is earlier than 1:3.0-7jpp.4.el5_10 OR jakarta-commons-httpclient-manual RPM is earlier than 1:3.0-7jpp.4.el5_10
BACK