This repository has been archived by the owner on Sep 21, 2021. It is now read-only.
CVE-2014-3577 Medium Severity Vulnerability detected by WhiteSource #4
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
ghost
closed this as This issue was closed.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
CVE-2014-3577 - Medium Severity Vulnerability
HttpComponents Client (base module)
path: /root/.m2/repository/org/apache/httpcomponents/httpclient/4.0.1/httpclient-4.0.1.jar
Library home page: http://hc.apache.org/httpcomponents-client
Dependency Hierarchy:
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
Publish Date: 2014-08-21
URL: CVE-2014-3577
Base Score Metrics not available
Type: Upgrade version
Origin: http://www.securitytracker.com/id/1030812
Fix Resolution: The vendor has issued a fix.
The vendor's advisories are available at:
https://rhn.redhat.com/errata/RHSA-2014-1162.html
https://rhn.redhat.com/errata/RHSA-2014-1163.html
https://rhn.redhat.com/errata/RHSA-2014-2019.html
https://rhn.redhat.com/errata/RHSA-2014-2020.html
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: