hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HTTPCLIENT-1551) CVE-2014-3577 Is MITM possible in commons httpclient 3.x
Date Fri, 05 Sep 2014 07:17:24 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Oleg Kalnichevski updated HTTPCLIENT-1551:
------------------------------------------
    Priority: Minor  (was: Critical)

> CVE-2014-3577 Is MITM possible in commons httpclient 3.x
> --------------------------------------------------------
>
>                 Key: HTTPCLIENT-1551
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1551
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 3.1 (end of life)
>            Reporter: pavan
>            Priority: Minor
>
> Recently there was a CVE CVE-2014-3577 which can by pass hostname verification during
ssl handshake. We know Commons HTTPCLIENT 3.1 is EOL but just wanted to check whether this
issue feasible to this EOL version or not.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message