RedHat Update For Httpcomponents-client RHSA-2014:1146-01 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577) For additional information on this flaw, refer to the Knowledgebase article in the References section. All httpcomponents-client users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Affected

httpcomponents-client on Red Hat Enterprise Linux Server (v. 7)

References

https://www.redhat.com/archives/rhsa-announce/2014-September/msg00009.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-6153, CVE-2014-3577
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

RedHat Security Advisory RHSA-2009:1179
RedHat Security Advisory RHSA-2009:0046
RedHat Security Advisory RHSA-2009:1040
RedHat Security Advisory RHSA-2009:1278
RedHat Security Advisory RHSA-2009:1485

RedHat Update for httpcomponents-client RHSA-2014:1146-01

Take action and discover your vulnerabilities