Package "httpcomponents-client"
Name: httpcomponents-client
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- HTTP/1.1 compliant HTTP agent implementation
- HTTP/1.1 compliant HTTP agent implementation - MIME extension
Latest version: 4.3.3-1ubuntu0.1
Release: trusty (14.04)
Level: updates
Repository: universe
Changelog
httpcomponents-client (4.3.3-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: It was found that the fix for CVE-2012-5783
    and CVE-2012-6153 was incomplete. The code added to check that
    the server hostname matches the domain name in the subject's CN
    field was flawed. This can be exploited by a Man-in-the-middle
    (MITM) attack where the attacker can spoof a valid certificate
    using a specially crafted subject.
    - debian/patches/CVE-2014-3577.patch: fix in AbstractVerifier.java
    - CVE-2014-3577

 -- Eduardo Barretto <email address hidden>  Fri, 10 Aug 2018 17:06:26 -0300

CVE-2012-5783: Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the serve
CVE-2012-6153: http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name
CVE-2014-3577: org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify