PublicDateAtUSN: 2012-11-04
Candidate: CVE-2012-5783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
https://usn.ubuntu.com/usn/usn-2769-1
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service
(FPS) merchant Java SDK and other products, does not verify that the server
hostname matches a domain name in the subject's Common Name (CN) or
subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof SSL servers via an arbitrary valid
sarnold> Apache Commons HttpClient has been replaced by HttpComponents
mdeslaur> debian released 3.1-10.1 with a possible regression
mdeslaur> fix was incomplete, see CVE-2012-6153 and CVE-2014-3577
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692442
https://issues.apache.org/jira/browse/HTTPCLIENT-1265
https://issues.apache.org/jira/browse/httpclient-613
Patches_httpcomponents-client:
upstream: http://svn.apache.org/viewvc?view=revision&revision=483925
upstream_httpcomponents-client: needs-triage
precise_httpcomponents-client: not-affected (4.1.1-1)
trusty_httpcomponents-client: not-affected (4.3.3-1)
vivid_httpcomponents-client: not-affected (4.3.5-2)
devel_httpcomponents-client: not-affected (4.4.1-1)
Patches_commons-httpclient:
vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692442
upstream_commons-httpclient: released (3.1-10.2)
hardy_commons-httpclient: ignored (reached end-of-life)
lucid_commons-httpclient: ignored (reached end-of-life)
oneiric_commons-httpclient: ignored (reached end-of-life)
precise_commons-httpclient: released (3.1-10ubuntu0.1)
quantal_commons-httpclient: ignored (reached end-of-life)
raring_commons-httpclient: not-affected (3.1-10.2)
saucy_commons-httpclient: not-affected (3.1-10.2)
trusty_commons-httpclient: not-affected (3.1-10.2)
utopic_commons-httpclient: not-affected (3.1-10.2)
vivid_commons-httpclient: not-affected (3.1-10.2)
devel_commons-httpclient: not-affected (3.1-10.2)