Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
  home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerable product
Vulnerabilities of Apache HttpClient

Apache HttpClient vulnerability: parameter injection with addRequestHeader
When an attacker can control the parameter of the addRequestHeader() method of Apache HttpClient, he can insert additional HTTP headers.

Apache HttpClient vulnerability: incomplete certificate validation
An attacker can use any valid certificate on a malicious server, and then invite an Apache HttpClient 3 to connect there, in order to spy communications even if encryption is used.

Apache HttpClient vulnerability: obtaining proxy password
When HttpClient connects to a proxy requiring an authentication, the login and password are sent to the remote server.

Apache HttpClient vulnerability: man in the middle of SSL
An attacker can act as a Man in the middle in the SSL/TLS session of HttpClient, in order to capture sensitive information.

Display other vulnerabilities of Apache HttpClient described by Vigil@nce...

Display information about Apache HttpClient:

Copyright 1999-2014 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française