Updated jakarta-commons-httpclient package fixes security vulnerability
Publication date: 06 Jul 2013
Modification date: 06 Jul 2013
Type: security
Affected Mageia releases: 2
CVE: CVE-2012-5783
Description
The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name (CVE-2012-5783).
References
SRPMS
2/core
- jakarta-commons-httpclient-3.1-3.1.mga2