5.8

CVE-2012-5783

EPSS 0.65%
Veröffentlicht 04.11.2012 22:55:03
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 21

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Httpclient Version3.1

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version15.04

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.65%	0.699

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

Third Party Advisory

Technical Description

http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html

Broken Link

http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html

Broken Link

http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html

Broken Link

http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-0270.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-0679.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-0680.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-0681.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-0682.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-1147.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-1853.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2014-0224.html

Broken Link

http://www.securityfocus.com/bid/58073

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-2769-1

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:0868

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/79984

Third Party Advisory

VDB Entry

https://issues.apache.org/jira/browse/HTTPCLIENT-1265

Patch

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2012-5783

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5783

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5783

EUVD