Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache HttpClient 安全漏洞
Vulnerability Description
Apache HttpClient是美国阿帕奇(Apache)基金会的一个 Java 编写的访问HTTP资源的客户端程序。该程序用于使用HTTP协议访问网络资源。 Apache HttpComponents HttpClient 4.3.4及之前版本和HttpAsyncClient 4.0.1及之前版本的org.apache.http.conn.ssl.AbstractVerifier文件中存在安全漏洞,该漏洞源于程序没有正确验证服务器X.509证书。攻击者可借助特制的证书利用该漏洞实施中间人攻击,伪造数
CVSS Information
N/A
Vulnerability Type
N/A