Synopsis: Moderate: jakarta-commons-httpclient security update
Issue Date: 2013-02-19
CVE Numbers: CVE-2012-5783
—
The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject’s Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a man-in-the-
middle attacker to spoof an SSL server if they had a certificate that was valid
for any domain name. (CVE-2012-5783)
Applications using the Jakarta Commons HttpClient component must be restarted
for this update to take effect.
—
SL5
x86_64
jakarta-commons-httpclient-3.0-7jpp.2.x86_64.rpm
jakarta-commons-httpclient-debuginfo-3.0-7jpp.2.x86_64.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.2.x86_64.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.2.x86_64.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.2.x86_64.rpm
i386
jakarta-commons-httpclient-3.0-7jpp.2.i386.rpm
jakarta-commons-httpclient-debuginfo-3.0-7jpp.2.i386.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.2.i386.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.2.i386.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.2.i386.rpm
SL6
x86_64
jakarta-commons-httpclient-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-demo-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-javadoc-3.1-0.7.el6_3.x86_64.rpm
jakarta-commons-httpclient-manual-3.1-0.7.el6_3.x86_64.rpm
i386
jakarta-commons-httpclient-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-debuginfo-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-demo-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-javadoc-3.1-0.7.el6_3.i686.rpm
jakarta-commons-httpclient-manual-3.1-0.7.el6_3.i686.rpm
– Scientific Linux Development Team
