RHSA-2013:0682: Moderate: jakarta-commons-httpclient security update
The Jakarta Commons HttpClient component can be used to build HTTP-awareclient applications (such as web browsers and web service clients).The Jakarta Commons HttpClient component did not verify that the serverhostname matched the domain name in the subject's Common Name (CN) orsubjectAltName field in X.509 certificates. This could allow aman-in-the-middle attacker to spoof an SSL server if they had a certificatethat was valid for any domain name. (CVE-2012-5783)Warning: Before applying this update, back up your existing JBossEnterprise Web Platform installation (including all applications andconfiguration files).All users of JBoss Enterprise Web Platform 5.2.0 on Red Hat EnterpriseLinux 4, 5, and 6 are advised to upgrade to this updated package. The JBossserver process must be restarted for the update to take effect.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2013:0682?
The severity of RHSA-2013:0682 is classified as moderate.
How do I fix RHSA-2013:0682?
To fix RHSA-2013:0682, you should update to jakarta-commons-httpclient version 3.1-2_patch_01.ep5.el6 or 3.1-2.1_patch_01.ep5.el5.
What systems are affected by RHSA-2013:0682?
RHSA-2013:0682 affects systems running jakarta-commons-httpclient versions prior to 3.1-2_patch_01.ep5.el6 and 3.1-2.1_patch_01.ep5.el5.
What is the issue with RHSA-2013:0682?
The issue in RHSA-2013:0682 relates to the Jakarta Commons HttpClient component not properly verifying that the server hostname matches the domain name.
Is there a workaround for RHSA-2013:0682?
There is no official workaround for RHSA-2013:0682; the recommended action is to apply the security patch.