Back to bug 873317
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jan Lieskovsky | 2012-11-05 14:38:22 UTC | CC | agrimm, akurtako, david, java-maint, pcheung | |
| Jan Lieskovsky | 2012-11-05 14:40:44 UTC | Depends On | 873319 | |
| Jan Lieskovsky | 2012-11-05 14:43:13 UTC | Blocks | 873321 | |
| David Jorm | 2012-11-07 04:41:01 UTC | CC | djorm | |
| Whiteboard | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=new,rhel-6/jakarta-commons-httpclient=new,fedora-all/jakarta-commons-httpclient=affected | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=new,rhel-6/jakarta-commons-httpclient=new,fedora-all/jakarta-commons-httpclient=affected brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=affected,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected jbews-1/jakarta-commons-httpclient=affected,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix | ||
| Florian Weimer | 2012-11-15 17:12:43 UTC | CC | fweimer | |
| Jan Lieskovsky | 2012-11-15 17:18:11 UTC | Whiteboard | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=new,rhel-6/jakarta-commons-httpclient=new,fedora-all/jakarta-commons-httpclient=affected brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=affected,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected jbews-1/jakarta-commons-httpclient=affected,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected systemengine-1/candlepin=new,sam-1/candlepin=new,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=affected,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=affected,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix |
| Jan Lieskovsky | 2012-11-15 17:18:48 UTC | CC | jpazdziora | |
| Kurt Seifried | 2012-11-19 17:38:56 UTC | Whiteboard | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected systemengine-1/candlepin=new,sam-1/candlepin=new,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=affected,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=affected,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected systemengine-1/candlepin=notaffected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=affected,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=affected,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix |
| David Jorm | 2012-12-16 23:51:53 UTC | Depends On | 887662 | |
| David Jorm | 2012-12-16 23:52:04 UTC | Depends On | 887663 | |
| David Jorm | 2012-12-16 23:52:17 UTC | Depends On | 887664 | |
| David Jorm | 2012-12-16 23:52:29 UTC | Depends On | 887665 | |
| David Jorm | 2012-12-16 23:52:43 UTC | Depends On | 887666 | |
| David Jorm | 2012-12-16 23:52:52 UTC | Depends On | 887667 | |
| David Jorm | 2012-12-16 23:53:06 UTC | Depends On | 887668 | |
| David Jorm | 2012-12-16 23:53:18 UTC | Depends On | 887669 | |
| David Jorm | 2012-12-17 00:01:00 UTC | Depends On | 887670 | |
| David Jorm | 2012-12-17 00:01:27 UTC | Depends On | 887671 | |
| David Jorm | 2012-12-17 00:03:05 UTC | Depends On | 887672 | |
| David Jorm | 2012-12-17 00:14:20 UTC | Whiteboard | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected systemengine-1/candlepin=notaffected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=affected,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=affected,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected systemengine-1/candlepin=notaffected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=affected,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix |
| Mikolaj Izdebski | 2012-12-17 12:13:16 UTC | CC | mizdebsk | |
| Tomas Hoger | 2012-12-17 16:28:17 UTC | Summary | CVE-2012-5783 jakarta-commons-httpclient: Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the X.509 certificate | CVE-2012-5783 jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name |
| Fernando Nasser | 2013-03-13 14:39:03 UTC | CC | fnasser | |
| Arun Babu Neelicattu | 2013-03-14 08:47:53 UTC | CC | aneelica | |
| Arun Babu Neelicattu | 2013-03-14 08:48:21 UTC | Link ID | JBoss Issue Tracker JBPAPP-10677 | |
| David Jorm | 2013-04-19 02:06:31 UTC | Depends On | 953308 | |
| David Jorm | 2013-04-19 02:08:05 UTC | Blocks | 953709 | |
| David Jorm | 2013-04-24 14:00:29 UTC | Blocks | 956239 | |
| David Jorm | 2013-06-03 06:21:55 UTC | Whiteboard | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,systemengine-1/candlepin=notaffected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=affected,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,systemengine-1/candlepin=notaffected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix |
| David Jorm | 2013-07-03 00:33:22 UTC | Blocks | 980652 | |
| Lance Lierheimer | 2013-09-25 23:33:24 UTC | CC | llierheimer | |
| David Jorm | 2013-12-18 01:06:46 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2013-12-17 20:06:46 UTC | |||
| David Jorm | 2014-01-13 21:44:58 UTC | Status | CLOSED | NEW |
| Resolution | ERRATA | --- | ||
| Whiteboard | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,systemengine-1/candlepin=notaffected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,systemengine-1/candlepin=notaffected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3/redhat-support-plugin-rhev=affected | ||
| Keywords | Reopened | |||
| David Jorm | 2014-01-16 04:04:56 UTC | Whiteboard | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,systemengine-1/candlepin=notaffected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3/redhat-support-plugin-rhev=affected | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,systemengine-1/candlepin=notaffected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3.2.z/redhat-support-plugin-rhev=affected |
| David Jorm | 2014-01-16 04:14:20 UTC | Depends On | 1053968 | |
| David Jorm | 2014-01-16 04:14:45 UTC | Depends On | 1053969 | |
| David Jorm | 2014-01-16 04:15:05 UTC | Depends On | 1053970 | |
| David Jorm | 2014-01-16 04:15:35 UTC | Depends On | 1053971 | |
| David Jorm | 2014-01-16 04:16:01 UTC | Depends On | 1053972 | |
| David Jorm | 2014-01-16 04:16:19 UTC | Depends On | 1053973 | |
| David Jorm | 2014-01-16 04:16:36 UTC | Depends On | 1053974 | |
| David Jorm | 2014-01-16 04:16:56 UTC | Depends On | 1053975 | |
| David Jorm | 2014-01-16 04:17:16 UTC | Depends On | 1053976 | |
| David Jorm | 2014-01-16 04:17:40 UTC | Depends On | 1053977 | |
| Alexander Kurtakov | 2014-01-16 10:12:50 UTC | CC | akurtako | |
| David Jorm | 2014-01-17 04:17:38 UTC | Whiteboard | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,systemengine-1/candlepin=notaffected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3.2.z/redhat-support-plugin-rhev=affected | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,systemengine-1/candlepin=notaffected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3/redhat-support-plugin-rhev=affected |
| David Jorm | 2014-01-17 04:19:28 UTC | Depends On | 1054567 | |
| David Jorm | 2014-01-17 04:19:50 UTC | Depends On | 1054568 | |
| David Jorm | 2014-01-17 05:02:11 UTC | Blocks | 1054573 | |
| Kurt Seifried | 2014-02-06 17:42:36 UTC | Whiteboard | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,systemengine-1/candlepin=notaffected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3/redhat-support-plugin-rhev=affected | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3/redhat-support-plugin-rhev=affected |
| Vincent Danen | 2014-02-27 18:48:51 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2013-12-17 20:06:46 UTC | 2014-02-27 13:48:51 UTC | ||
| Vincent Danen | 2015-10-15 21:30:53 UTC | Whiteboard | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3/redhat-support-plugin-rhev=affected | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=notaffected,fedora-all/jakarta-commons-httpclient=affected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3/redhat-support-plugin-rhev=affected |
| Ján Rusnačko | 2015-11-24 15:21:47 UTC | Whiteboard | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=notaffected,fedora-all/jakarta-commons-httpclient=affected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3/redhat-support-plugin-rhev=affected | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3/redhat-support-plugin-rhev=affected |
| Hooman Broujerdi | 2017-03-30 05:11:33 UTC | CC | hghasemb | |
| Doc Text | Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via andaarbitrary valid certificate. | |||
| Hooman Broujerdi | 2017-03-30 05:44:26 UTC | CC | sparks | |
| Flags | needinfo?(sparks) | |||
| Hooman Broujerdi | 2017-03-30 06:20:00 UTC | Doc Text | Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via andaarbitrary valid certificate. | It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via andaarbitrary valid certificate. |
| Fernando Nasser | 2017-03-30 12:50:27 UTC | Doc Text | It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via andaarbitrary valid certificate. | It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |
| Eric Christensen | 2017-03-30 13:50:25 UTC | CC | sparks | |
| Flags | needinfo?(sparks) | |||
| Chess Hazlett | 2017-03-30 14:32:52 UTC | Whiteboard | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3/redhat-support-plugin-rhev=affected | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3/redhat-support-plugin-rhev=affected,fuse-6/apache-commons-httpclient=affected |
| Chess Hazlett | 2017-03-30 14:33:02 UTC | CC | aileenc, chazlett | |
| Chess Hazlett | 2017-03-30 17:27:56 UTC | Whiteboard | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3/redhat-support-plugin-rhev=affected,fuse-6/apache-commons-httpclient=affected | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cvss3=3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3/redhat-support-plugin-rhev=affected,fuse-6/apache-commons-httpclient=affected |
| Product Security DevOps Team | 2019-09-29 12:57:25 UTC | Whiteboard | impact=moderate,public=20121016,reported=20121104,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cvss3=3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N,rhel-5/jakarta-commons-httpclient=affected,rhel-6/jakarta-commons-httpclient=affected,fedora-all/jakarta-commons-httpclient=affected,sam-1/candlepin=notaffected,brms-5/jakarta-commons-httpclient=affected,epp-5/jakarta-commons-httpclient=wontfix,soap-5/jakarta-commons-httpclient=affected,jon-3.1/jakarta-commons-httpclient=affected,wfk-2/jakarta-commons-httpclient=affected,jbews-1/jakarta-commons-httpclient=wontfix,epp-4/jakarta-commons-httpclient=wontfix,soap-4.2/jakarta-commons-httpclient=wontfix,soap-4.3/jakarta-commons-httpclient=wontfix,rhn_satellite_5.0/jakarta-commons-httpclient=wontfix,rhn_satellite_5.1/jakarta-commons-httpclient=wontfix,rhn_satellite_5.2/jakarta-commons-httpclient=wontfix,rhn_satellite_5.3/jakarta-commons-httpclient=wontfix,rhev-m-3/redhat-support-plugin-rhev=affected,fuse-6/apache-commons-httpclient=affected | |
| errata-xmlrpc | 2023-06-29 20:07:27 UTC | Link ID | Red Hat Product Errata RHSA-2023:3954 |
Back to bug 873317