ALAS-2013-169 ---- jakarta-commons-httpclientID: oval:org.secpod.oval:def:1600228 | Date: (C)2016-05-19 (M)2023-12-07 |
Class: PATCH | Family: unix |
The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject"s Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name
Platform: |
Amazon Linux AMI |
Product: |
jakarta-commons-httpclient |