MGASA-2014-0348

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2012-6153 CVE-2014-3577

Published: 25 Aug 2014, 08:44

Last modified:16 Apr 2026, 06:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

25 Aug 2014, 08:44

Published

Vulnerability first disclosed

16 Apr 2026, 06:22

Last Modified

Vulnerability information updated

Description

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities: The Jakarta Commons HttpClient component may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used (CVE-2012-6153). The Apache httpcomponents HttpClient component may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used (CVE-2014-3577).

Affected Systems

mageia•httpcomponents-client
< 4.3.5-1.mga4
mageia•jakarta-commons-httpclient
< 3.1-11.1.mga4

MGASA-2014-0348

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)