Orange Applications for Business
Vigil@nce Vigil@nce Vigil@nce
analyzing computer vulnerabilities since 1999
  home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerable product
Vulnerabilities of Apache Commons HttpClient

Apache Commons HttpClient vulnerability: erroneous certificate validation
An attacker can create an SSL certificate which wille be wrongly validated by Apache HttpComponents HttpClient, in order to capture traffic and bypass encryption.

Apache Commons HttpClient vulnerability: man in the middle of SSL
An attacker can act as a Man in the middle in the SSL/TLS session of HttpClient, in order to capture sensitive information.

Apache Commons HttpClient vulnerability: parameter injection with addRequestHeader
When an attacker can control the parameter of the addRequestHeader() method of Apache HttpClient, he can insert additional HTTP headers.

Apache Commons HttpClient vulnerability: incomplete certificate validation
An attacker can use any valid certificate on a malicious server, and then invite an Apache HttpClient 3 to connect there, in order to spy communications even if encryption is used.

Apache Commons HttpClient vulnerability: obtaining proxy password
When HttpClient connects to a proxy requiring an authentication, the login and password are sent to the remote server.

Display other vulnerabilities of Apache Commons HttpClient described by Vigil@nce...

Display information about Apache Commons HttpClient:



















Copyright 1999-2014 Vigil@nce. Vigil@nce is a service from Orange Applications for Business. Site map. Legal notice. Version française