#VU80741 Improper Certificate Validation in Apache Commons HttpClient


Published: 2023-09-13

Vulnerability identifier: #VU80741

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2012-5783

CWE-ID: CWE-295

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apache Commons HttpClient
Other software / Other software solutions

Vendor: Apache Foundation

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle attack to spoof SSL servers via an arbitrary valid certificate.

The vulnerability exists due to Apache Commons HttpClient does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. A remote attacker can perform a man-in-the-middle attack to spoof SSL servers via an arbitrary valid certificate.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Apache Commons HttpClient: All versions

External links
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
http://rhn.redhat.com/errata/RHSA-2013-0270.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html
http://rhn.redhat.com/errata/RHSA-2013-0681.html
http://rhn.redhat.com/errata/RHSA-2013-0679.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html
http://rhn.redhat.com/errata/RHSA-2013-0680.html
http://rhn.redhat.com/errata/RHSA-2013-0682.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html
http://rhn.redhat.com/errata/RHSA-2013-1147.html
http://rhn.redhat.com/errata/RHSA-2013-1853.html
http://rhn.redhat.com/errata/RHSA-2014-0224.html
http://www.ubuntu.com/usn/USN-2769-1
http://www.securityfocus.com/bid/58073
http://exchange.xforce.ibmcloud.com/vulnerabilities/79984
http://issues.apache.org/jira/browse/HTTPCLIENT-1265
http://access.redhat.com/errata/RHSA-2017:0868

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Application Performance Management
Improper certificate validation in IBM AIX
Multiple vulnerabilities in IBM Tivoli Application Dependency Discovery Manager
Improper certificate validation in IBM Cloud Pak for Data System
Multiple vulnerabilities in IBM B2B Advanced Communications and IBM Multi-Enterprise Integration Gateway
Multiple vulnerabilities in IBM App Connect for Healthcare
Multiple vulnerabilities in IBM Cloud Pak for Security (CP4S)
Multiple vulnerabilities in IBM Control Desk
Multiple vulnerabilities in IBM Cloud Pak for Business Automation
Improper certificate validation in IBM Maximo Asset Management