RHSA-2013:0270: Moderate: jakarta-commons-httpclient security update

Published Feb 19, 2013
·
Updated

The Jakarta Commons HttpClient component can be used to build HTTP-awareclient applications (such as web browsers and web service clients).The Jakarta Commons HttpClient component did not verify that the serverhostname matched the domain name in the subject's Common Name (CN) orsubjectAltName field in X.509 certificates. This could allow aman-in-the-middle attacker to spoof an SSL server if they had a certificatethat was valid for any domain name. (CVE-2012-5783)All users of jakarta-commons-httpclient are advised to upgrade to theseupdated packages, which correct this issue. Applications using the JakartaCommons HttpClient component must be restarted for this update to takeeffect.

Affected Software

10 affected componentsFixes available
redhat/jakarta-commons-httpclient<3.1-0.7.el6_3
3.1-0.7.el6_3
redhat/jakarta-commons-httpclient<3.1-0.7.el6_3
3.1-0.7.el6_3
redhat/jakarta-commons-httpclient-debuginfo<3.1-0.7.el6_3
3.1-0.7.el6_3
redhat/jakarta-commons-httpclient-demo<3.1-0.7.el6_3
3.1-0.7.el6_3
redhat/jakarta-commons-httpclient-javadoc<3.1-0.7.el6_3
3.1-0.7.el6_3
redhat/jakarta-commons-httpclient-manual<3.1-0.7.el6_3
3.1-0.7.el6_3
redhat/jakarta-commons-httpclient-debuginfo<3.1-0.7.el6_3
3.1-0.7.el6_3
redhat/jakarta-commons-httpclient-demo<3.1-0.7.el6_3
3.1-0.7.el6_3
redhat/jakarta-commons-httpclient-javadoc<3.1-0.7.el6_3
3.1-0.7.el6_3
redhat/jakarta-commons-httpclient-manual<3.1-0.7.el6_3
3.1-0.7.el6_3

Remediation

Event History

Feb 19, 2013
Advisory Published
12:00 AM
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of RHSA-2013:0270?

The severity of RHSA-2013:0270 is classified as moderate.

2

How do I fix RHSA-2013:0270?

To fix RHSA-2013:0270, update the jakarta-commons-httpclient package to version 3.1-0.7.el6_3.

3

What vulnerabilities are associated with RHSA-2013:0270?

RHSA-2013:0270 is associated with a vulnerability in the Jakarta Commons HttpClient related to hostname verification.

4

Which versions of jakarta-commons-httpclient are affected by RHSA-2013:0270?

Versions of jakarta-commons-httpclient up to 3.1-0.7.el6_3 are affected by RHSA-2013:0270.

5

Is RHSA-2013:0270 applicable to all Red Hat users?

RHSA-2013:0270 applies to Red Hat users utilizing the affected versions of jakarta-commons-httpclient on their systems.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203
RHSA-2013:0270 - Moderate: jakarta-commons-httpclient security update - SecAlerts