5.8

CVE-2012-5783

EPSS 0.65%
Published 04.11.2012 22:55:03
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected products Warnungen 0 Metrics 2 CWE 1 References 21

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Httpclient Version3.1

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version15.04

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.65%	0.699

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

Third Party Advisory

Technical Description

http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html

Broken Link

http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html

Broken Link

http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html

Broken Link

http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-0270.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-0679.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-0680.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-0681.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-0682.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-1147.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2013-1853.html

Broken Link

http://rhn.redhat.com/errata/RHSA-2014-0224.html

Broken Link

http://www.securityfocus.com/bid/58073

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-2769-1

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:0868

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/79984

Third Party Advisory

VDB Entry

https://issues.apache.org/jira/browse/HTTPCLIENT-1265

Patch

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2012-5783

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5783

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5783

EUVD