Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Commons HttpClient 输入验证错误漏洞
Vulnerability Description
Apache Commons Beanutils是美国阿帕奇(Apache)基金会的一款提供可操作JavaBean的工具类的软件包。 Apache Commons HttpClient 4.2.2及之前版本的http/conn/ssl/AbstractVerifier.java文件中存在输入验证错误漏洞,该漏洞源于程序没有正确验证X.509证书。攻击者可通过特制的证书利用该漏洞实施中间人攻击,伪造数据,欺骗SSL服务器。
CVSS Information
N/A
Vulnerability Type
N/A