DEBIAN-CVE-2012-6153

Advisory lineage Upstream: 1 Downstream: 1

Upstream

CVE-2012-6153

Downstream

DLA-222-1

Published: 04 Sept 2014, 17:55

Last modified:28 Apr 2026, 20:04

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

04 Sept 2014, 17:55

Published

Vulnerability first disclosed

28 Apr 2026, 20:04

Last Modified

Vulnerability information updated

Description

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.

Affected Systems

debian•commons-httpclient
< 3.1-10.2 | < 3.1-10.2 | < 3.1-10.2 | < 3.1-10.2

References (1)

https://security-tracker.debian.org/tracker/CVE-2012-6153