CESA-2014:1166 -- centos 7 jakarta-commons-httpclientID: oval:org.secpod.oval:def:203417 | Date: (C)2014-09-16 (M)2023-12-07 |
Class: PATCH | Family: unix |
Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject"s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. For additional information on this flaw, refer to the Knowledgebase article in the References section. All jakarta-commons-httpclient users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Product: |
jakarta-commons-httpclient |