Executive Summary

Informations
Name CVE-2012-6153 First vendor Publication 2014-09-04
Vendor Cve Last vendor Modification 2018-01-05

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26509
 
Oval ID: oval:org.mitre.oval:def:26509
Title: ELSA-2014-1146 -- httpcomponents-client security update (Important)
Description: HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577) For additional information on this flaw, refer to the Knowledgebase article in the References section. All httpcomponents-client users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Family: unix Class: patch
Reference(s): ELSA-2014-1146
CVE-2014-3577
CVE-2012-6153
Version: 3
Platform(s): Oracle Linux 7
Product(s): httpcomponents-client
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27050
 
Oval ID: oval:org.mitre.oval:def:27050
Title: ELSA-2014-1166 -- jakarta-commons-httpclient security update (Important)
Description: Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577) For additional information on this flaw, refer to the Knowledgebase article in the References section. All jakarta-commons-httpclient users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Family: unix Class: patch
Reference(s): ELSA-2014-1166
CVE-2014-3577
CVE-2012-6153
Version: 5
Platform(s): Oracle Linux 7
Oracle Linux 6
Oracle Linux 5
Product(s): jakarta-commons-httpclient
Definition Synopsis:

Nessus® Vulnerability Scanner

Date Description
2016-10-31 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_ac18046c9b0811e68011005056925db4.nasl - Type : ACT_GATHER_INFO
2015-10-15 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2769-1.nasl - Type : ACT_GATHER_INFO
2015-09-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0158.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote Debian host is missing a security update.
File : debian_DLA-222.nasl - Type : ACT_GATHER_INFO
2015-04-17 Name : The remote Windows host has web portal software installed that is affected by...
File : websphere_portal_8_0_0_1_cf15.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-2019.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-1834.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-1833.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1098.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-410.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1320.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1321.nasl - Type : ACT_GATHER_INFO
2014-09-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-170.nasl - Type : ACT_GATHER_INFO
2014-09-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1166.nasl - Type : ACT_GATHER_INFO
2014-09-09 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1166.nasl - Type : ACT_GATHER_INFO
2014-09-09 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1166.nasl - Type : ACT_GATHER_INFO
2014-09-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1162.nasl - Type : ACT_GATHER_INFO
2014-09-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1146.nasl - Type : ACT_GATHER_INFO
2014-09-04 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1146.nasl - Type : ACT_GATHER_INFO
2014-09-04 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1146.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9629.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9617.nasl - Type : ACT_GATHER_INFO
2014-08-27 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9539.nasl - Type : ACT_GATHER_INFO
2014-08-27 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9581.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/69257
CONFIRM http://svn.apache.org/viewvc?view=revision&revision=1411705
https://access.redhat.com/solutions/1165533
https://bugzilla.redhat.com/show_bug.cgi?id=1129916
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1098.html
http://rhn.redhat.com/errata/RHSA-2014-1833.html
http://rhn.redhat.com/errata/RHSA-2014-1834.html
http://rhn.redhat.com/errata/RHSA-2014-1835.html
http://rhn.redhat.com/errata/RHSA-2014-1836.html
http://rhn.redhat.com/errata/RHSA-2014-1891.html
http://rhn.redhat.com/errata/RHSA-2014-1892.html
http://rhn.redhat.com/errata/RHSA-2015-0125.html
http://rhn.redhat.com/errata/RHSA-2015-0158.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://rhn.redhat.com/errata/RHSA-2015-0765.html
http://rhn.redhat.com/errata/RHSA-2015-0850.html
http://rhn.redhat.com/errata/RHSA-2015-0851.html
http://rhn.redhat.com/errata/RHSA-2015-1888.html
UBUNTU http://www.ubuntu.com/usn/USN-2769-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Date Informations
2021-04-22 01:27:07
  • Multiple Updates
2020-05-23 01:50:26
  • Multiple Updates
2020-05-23 00:35:27
  • Multiple Updates
2018-01-05 09:23:15
  • Multiple Updates
2017-11-27 21:22:40
  • Multiple Updates
2016-11-01 13:25:53
  • Multiple Updates
2016-08-23 09:24:47
  • Multiple Updates
2016-08-20 09:22:28
  • Multiple Updates
2016-08-17 09:23:49
  • Multiple Updates
2016-04-26 22:34:46
  • Multiple Updates
2015-10-29 09:22:34
  • Multiple Updates
2015-10-16 13:24:30
  • Multiple Updates
2015-09-02 13:39:04
  • Multiple Updates
2015-05-21 13:29:52
  • Multiple Updates
2015-04-23 09:27:15
  • Multiple Updates
2015-04-18 13:26:45
  • Multiple Updates
2015-04-07 09:26:32
  • Multiple Updates
2015-03-28 09:25:21
  • Multiple Updates
2015-03-18 09:25:58
  • Multiple Updates
2015-02-19 09:22:35
  • Multiple Updates
2014-12-23 13:26:14
  • Multiple Updates
2014-12-12 09:22:26
  • Multiple Updates
2014-11-13 13:26:40
  • Multiple Updates
2014-11-08 13:30:25
  • Multiple Updates
2014-10-17 13:26:00
  • Multiple Updates
2014-10-12 13:26:55
  • Multiple Updates
2014-10-02 13:27:12
  • Multiple Updates
2014-09-13 13:43:01
  • Multiple Updates
2014-09-12 21:26:13
  • Multiple Updates
2014-09-09 13:24:22
  • Multiple Updates
2014-09-05 17:21:51
  • Multiple Updates
2014-09-05 05:22:14
  • Multiple Updates
2014-09-04 21:23:26
  • First insertion