#VU57150 Improper Certificate Validation in HttpComponents Client and Apache HttpAsyncClient


Published: 2021-10-08

Vulnerability identifier: #VU57150

Vulnerability risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3577

CWE-ID: CWE-295

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
HttpComponents Client
Universal components / Libraries / Software for developers
Apache HttpAsyncClient
Other software / Other software solutions

Vendor: Apache Foundation

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper certificate validation. A remote attacker can perform a man-in-the-middle (MitM) attack and spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

HttpComponents Client: 4.0 - 4.3.4

Apache HttpAsyncClient: 4.0 - 4.0.1

External links
http://seclists.org/fulldisclosure/2014/Aug/48
http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html
http://secunia.com/advisories/60713
http://secunia.com/advisories/60589
http://access.redhat.com/solutions/1165533
http://rhn.redhat.com/errata/RHSA-2014-1146.html
http://rhn.redhat.com/errata/RHSA-2014-1166.html
http://rhn.redhat.com/errata/RHSA-2014-1892.html
http://rhn.redhat.com/errata/RHSA-2014-1891.html
http://rhn.redhat.com/errata/RHSA-2014-1836.html
http://rhn.redhat.com/errata/RHSA-2014-1835.html
http://rhn.redhat.com/errata/RHSA-2014-1834.html
http://rhn.redhat.com/errata/RHSA-2014-1833.html
http://rhn.redhat.com/errata/RHSA-2015-0158.html
http://rhn.redhat.com/errata/RHSA-2015-0125.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://rhn.redhat.com/errata/RHSA-2015-0765.html
http://rhn.redhat.com/errata/RHSA-2015-0851.html
http://rhn.redhat.com/errata/RHSA-2015-0850.html
http://rhn.redhat.com/errata/RHSA-2015-1177.html
http://rhn.redhat.com/errata/RHSA-2015-1176.html
http://www.ubuntu.com/usn/USN-2769-1
http://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564
http://www.securityfocus.com/bid/69258
http://www.securitytracker.com/id/1030812
http://www.osvdb.org/110143
http://secunia.com/advisories/60466
http://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782
http://exchange.xforce.ibmcloud.com/vulnerabilities/95327
http://rhn.redhat.com/errata/RHSA-2016-1931.html
http://rhn.redhat.com/errata/RHSA-2016-1773.html
http://rhn.redhat.com/errata/RHSA-2015-1888.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
http://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
http://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
http://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
http://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
http://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html
http://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
http://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
http://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/10/06/1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Security Verify Governance - Identity Manager
Multiple vulnerabilities in IBM Cloud Pak System
Multiple vulnerabilities in IBM Tivoli Application Dependency Discovery Manager
Multiple vulnerabilities in IBM B2B Advanced Communications and IBM Multi-Enterprise Integration Gateway
Multiple vulnerabilities in IBM Cloud Pak for Security (CP4S)
Multiple vulnerabilities in IBM Spectrum Control
Multiple vulnerabilities in IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management
Multiple vulnerabilities in IBM Voice Gateway
Multiple vulnerabilities in IBM Tivoli Monitoring
Multiple vulnerabilities in IBM Control Desk