hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "pavan (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HTTPCLIENT-1551) CVE-2014-3577 Is MITM possible in commons httpclient 3.x
Date Fri, 05 Sep 2014 05:33:23 GMT
pavan created HTTPCLIENT-1551:
---------------------------------

             Summary: CVE-2014-3577 Is MITM possible in commons httpclient 3.x
                 Key: HTTPCLIENT-1551
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1551
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 3.1 (end of life)
            Reporter: pavan
            Priority: Critical


Recently there was a CVE CVE-2014-3577 which can by pass hostname verification during ssl
handshake. We know Commons HTTPCLIENT 3.1 is EOL but just wanted to check whether this issue
feasible to this EOL version or not.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message