{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-10-25T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2013:0681", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0681.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1265"}, {"name": "openSUSE-SU-2013:0622", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html"}, {"name": "RHSA-2013:0680", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0680.html"}, {"name": "RHSA-2017:0868", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:0868"}, {"name": "openSUSE-SU-2013:0354", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html"}, {"name": "58073", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/58073"}, {"name": "apache-commons-ssl-spoofing(79984)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984"}, {"name": "RHSA-2013:0270", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0270.html"}, {"name": "RHSA-2013:0682", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0682.html"}, {"name": "openSUSE-SU-2013:0638", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html"}, {"name": "openSUSE-SU-2013:0623", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html"}, {"name": "RHSA-2013:1853", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"}, {"name": "RHSA-2013:0679", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0679.html"}, {"name": "RHSA-2013:1147", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1147.html"}, {"name": "USN-2769-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2769-1"}, {"name": "RHSA-2014:0224", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0224.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5783", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2013:0681", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0681.html"}, {"name": "https://issues.apache.org/jira/browse/HTTPCLIENT-1265", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1265"}, {"name": "openSUSE-SU-2013:0622", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html"}, {"name": "RHSA-2013:0680", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0680.html"}, {"name": "RHSA-2017:0868", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:0868"}, {"name": "openSUSE-SU-2013:0354", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html"}, {"name": "58073", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58073"}, {"name": "apache-commons-ssl-spoofing(79984)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984"}, {"name": "RHSA-2013:0270", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0270.html"}, {"name": "RHSA-2013:0682", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0682.html"}, {"name": "openSUSE-SU-2013:0638", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html"}, {"name": "openSUSE-SU-2013:0623", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html"}, {"name": "RHSA-2013:1853", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html"}, {"name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", "refsource": "MISC", "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"}, {"name": "RHSA-2013:0679", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0679.html"}, {"name": "RHSA-2013:1147", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1147.html"}, {"name": "USN-2769-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2769-1"}, {"name": "RHSA-2014:0224", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0224.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:14:16.415Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2013:0681", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0681.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1265"}, {"name": "openSUSE-SU-2013:0622", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html"}, {"name": "RHSA-2013:0680", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0680.html"}, {"name": "RHSA-2017:0868", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:0868"}, {"name": "openSUSE-SU-2013:0354", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html"}, {"name": "58073", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/58073"}, {"name": "apache-commons-ssl-spoofing(79984)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984"}, {"name": "RHSA-2013:0270", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0270.html"}, {"name": "RHSA-2013:0682", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0682.html"}, {"name": "openSUSE-SU-2013:0638", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html"}, {"name": "openSUSE-SU-2013:0623", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html"}, {"name": "RHSA-2013:1853", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"}, {"name": "RHSA-2013:0679", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0679.html"}, {"name": "RHSA-2013:1147", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1147.html"}, {"name": "USN-2769-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2769-1"}, {"name": "RHSA-2014:0224", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0224.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5783", "datePublished": "2012-11-04T22:00:00", "dateReserved": "2012-11-04T00:00:00", "dateUpdated": "2024-08-06T21:14:16.415Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7849CBEF-9C6F-4E3E-A2CA-BA817EC1E1C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."}, {"lang": "es", "value": "Apache Commons HttpClient v3.x, tal y como se utiliza en el Java SDK de Amazon Flexible Payments Service(FPS) y otros productos, no comprueba si el nombre del servidor coincide con un nombre de dominio en el nombre com\u00fan (CN) del sujeto o con el campo subjectAltName del certificado X.509, lo que permite falsificar servidores SSL a atacantes man-in-the-middle mediante un certificado v\u00e1lido de su elecci\u00f3n.\r\n"}], "id": "CVE-2012-5783", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-11-04T22:55:03.297", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0270.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0679.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0680.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0681.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0682.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1147.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0224.html"}, {"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/58073"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2769-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:0868"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0270.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0679.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0680.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0681.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0682.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1147.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0224.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/58073"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2769-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:0868"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79984"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/HTTPCLIENT-1265"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0682", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", "package": "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5", "product_name": "JBEWP 5 for RHEL 5", "release_date": "2013-03-25T00:00:00Z"}, {"advisory": "RHSA-2013:0682", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", "package": "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6", "product_name": "JBEWP 5 for RHEL 6", "release_date": "2013-03-25T00:00:00Z"}, {"advisory": "RHSA-2013:1006", "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5.3", "package": "jakarta-commons-httpclient", "product_name": "JBoss Enterprise BRMS Platform 5.3", "release_date": "2013-07-01T00:00:00Z"}, {"advisory": "RHSA-2013:0270", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "jakarta-commons-httpclient-1:3.0-7jpp.2", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-02-19T00:00:00Z"}, {"advisory": "RHSA-2013:0270", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "jakarta-commons-httpclient-1:3.1-0.7.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-02-19T00:00:00Z"}, {"advisory": "RHSA-2023:3954", "cpe": "cpe:/a:redhat:jboss_fuse:7", "product_name": "Red Hat Fuse 7.12", "release_date": "2023-06-29T00:00:00Z"}, {"advisory": "RHSA-2017:0868", "cpe": "cpe:/a:redhat:jboss_amq:6.3", "product_name": "Red Hat JBoss A-MQ 6.3", "release_date": "2017-04-03T00:00:00Z"}, {"advisory": "RHSA-2013:0679", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", "product_name": "Red Hat JBoss Enterprise Application Platform 5.2", "release_date": "2013-03-25T00:00:00Z"}, {"advisory": "RHSA-2013:0680", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", "package": "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4", "release_date": "2013-03-25T00:00:00Z"}, {"advisory": "RHSA-2013:0680", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", "package": "jakarta-commons-httpclient-1:3.1-2.1_patch_01.ep5.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5", "release_date": "2013-03-25T00:00:00Z"}, {"advisory": "RHSA-2013:0680", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", "package": "jakarta-commons-httpclient-1:3.1-2_patch_01.ep5.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6", "release_date": "2013-03-25T00:00:00Z"}, {"advisory": "RHSA-2017:0868", "cpe": "cpe:/a:redhat:jboss_fuse:6.3", "product_name": "Red Hat JBoss Fuse 6.3", "release_date": "2017-04-03T00:00:00Z"}, {"advisory": "RHSA-2013:1853", "cpe": "cpe:/a:redhat:jboss_operations_network:3.2.0", "product_name": "Red Hat JBoss Operations Network 3.2", "release_date": "2013-12-17T00:00:00Z"}, {"advisory": "RHSA-2013:1147", "cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3", "package": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss SOA Platform 5.3", "release_date": "2013-08-08T00:00:00Z"}, {"advisory": "RHSA-2013:0763", "cpe": "cpe:/a:redhat:jboss_enterprise_web_framework:2.2.0", "package": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss Web Framework Kit 2.2", "release_date": "2013-04-22T00:00:00Z"}, {"advisory": "RHSA-2013:0681", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0", "product_name": "Red Hat JBoss Web Platform 5.2", "release_date": "2013-03-25T00:00:00Z"}, {"advisory": "RHSA-2014:0224", "cpe": "cpe:/a:redhat:rhev_manager:3", "package": "redhat-support-plugin-rhev-0:3.3.0-14.el6ev", "product_name": "RHEV Manager version 3.3", "release_date": "2014-02-27T00:00:00Z"}], "bugzilla": {"description": "jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name", "id": "873317", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873317"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "3.7", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "verified"}, "details": ["Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", "It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."], "name": "CVE-2012-5783", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Affected", "package_name": "apache-commons-httpclient", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3.1", "fix_state": "Affected", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss Operations Network 3.1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:4", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss Portal 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss Portal 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:4.2", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss SOA Platform 4.2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:4.3", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss SOA Platform 4.3"}, {"cpe": "cpe:/a:redhat:network_satellite:5.0", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat Satellite 5.0"}, {"cpe": "cpe:/a:redhat:network_satellite:5.1", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat Satellite 5.1"}, {"cpe": "cpe:/a:redhat:network_satellite:5.2", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat Satellite 5.2"}, {"cpe": "cpe:/a:redhat:network_satellite:5.3", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat Satellite 5.3"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Not affected", "package_name": "candlepin", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2012-10-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-5783\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-5783"], "threat_severity": "Moderate"}