Orange Applications for Business
Vigil@nce Vigil@nce Vigil@nce
analyzing computer vulnerabilities since 1999
  home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free trial free trial
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerable product
Vulnerabilities of Apache HttpClient

Apache HttpClient vulnerability: man in the middle of SSL
An attacker can act as a Man in the middle in the SSL/TLS session of HttpClient, in order to capture sensitive information.

Apache HttpClient vulnerability: parameter injection with addRequestHeader
When an attacker can control the parameter of the addRequestHeader() method of Apache HttpClient, he can insert additional HTTP headers.

Apache HttpClient vulnerability: incomplete certificate validation
An attacker can use any valid certificate on a malicious server, and then invite an Apache HttpClient 3 to connect there, in order to spy communications even if encryption is used.

Apache HttpClient vulnerability: obtaining proxy password
When HttpClient connects to a proxy requiring an authentication, the login and password are sent to the remote server.

Apache HttpClient vulnerability: erroneous certificate validation
An attacker can create an SSL certificate which wille be wrongly validated by Apache HttpComponents HttpClient, in order to capture traffic and bypass encryption.

Display other vulnerabilities of Apache HttpClient described by Vigil@nce...

Display information about Apache HttpClient:

Copyright 1999-2015 Vigil@nce. Vigil@nce is a service from Orange Applications for Business. Site map. Legal notice. Version française