{"id":"MGASA-2013-0199","summary":"Updated jakarta-commons-httpclient package fixes security vulnerability","details":"The Jakarta Commons HttpClient component did not verify that the server\nhostname matched the domain name in the subject's Common Name (CN) or\nsubjectAltName field in X.509 certificates. This could allow a\nman-in-the-middle attacker to spoof an SSL server if they had a certificate\nthat was valid for any domain name (CVE-2012-5783).\n","modified":"2026-04-16T06:24:05.779060204Z","published":"2013-07-06T14:11:31Z","upstream":["CVE-2012-5783"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0199.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=8933"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2013-0270.html"}],"affected":[{"package":{"name":"jakarta-commons-httpclient","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/jakarta-commons-httpclient?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1-3.1.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0199.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}