The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Apache Jakarta HttpClient

Apache HttpComponents HttpClient: erroneous certificate validation
An attacker can create an SSL certificate which will be wrongly validated by Apache HttpComponents HttpClient, in order to capture traffic and bypass encryption...
2015815, 7036319, c05103564, CST-7122, CST-7123, CST-7124, CST-7125, CST-7126, CST-7127, CST-7128, CST-7129, CST-7130, CST-7131, CVE-2014-3577, FEDORA-2014-9539, FEDORA-2014-9581, FEDORA-2014-9617, FEDORA-2014-9629, HPSBMU03584, RHSA-2014:1082-01, RHSA-2014:1146-01, RHSA-2014:1162-01, RHSA-2014:1163-01, RHSA-2014:1166-01, RHSA-2014:1320-01, RHSA-2014:1321-01, RHSA-2014:1322-01, RHSA-2014:1323-01, RHSA-2014:1833-01, RHSA-2014:1834-01, RHSA-2014:1835-01, RHSA-2014:1836-01, RHSA-2014:1891-01, RHSA-2014:1892-01, RHSA-2014:1904-01, RHSA-2014:2019-01, RHSA-2014:2020-01, RHSA-2015:0125-01, RHSA-2015:0158-01, RHSA-2015:0234-01, RHSA-2015:0235-01, RHSA-2015:0675-01, RHSA-2015:0720-01, RHSA-2015:0765-01, RHSA-2015:0850-01, RHSA-2015:0851-01, RHSA-2015:1009, RHSA-2015:1176-01, RHSA-2015:1177-01, RHSA-2016:1931-01, USN-2769-1, VIGILANCE-VUL-15198
HttpClient: man in the middle of SSL
An attacker can act as a Man in the middle in the SSL/TLS session of HttpClient, in order to capture sensitive information...
CST-7122, CST-7123, CST-7124, CST-7125, CST-7126, CST-7127, CST-7128, CST-7129, CST-7130, CST-7131, CVE-2013-4366, VIGILANCE-VUL-13544
Apache HttpClient: parameter injection with addRequestHeader
When an attacker can control the parameter of the addRequestHeader() method of Apache HttpClient, he can insert additional HTTP headers...
CST-7122, CST-7123, CST-7124, CST-7125, CST-7126, CST-7127, CST-7128, CST-7129, CST-7130, CST-7131, VIGILANCE-VUL-12326
Apache HttpClient 3: incomplete certificate validation
An attacker can use any valid certificate on a malicious server, and then invite an Apache HttpClient 3 to connect there, in order to spy communications even if encryption is used...
2016216, BID-58073, CVE-2012-5783, FEDORA-2013-1189, FEDORA-2013-1203, FEDORA-2013-1289, HTTPCLIENT-1265, ibm10719287, ibm10719297, ibm10719301, ibm10719303, ibm10719307, openSUSE-SU-2013:0354-1, openSUSE-SU-2013:0622-1, openSUSE-SU-2013:0623-1, openSUSE-SU-2013:0638-1, RHSA-2013:0270-01, RHSA-2013:0679-01, RHSA-2013:0680-01, RHSA-2013:0681-01, RHSA-2013:0682-01, RHSA-2013:0763-01, RHSA-2013:1006-01, RHSA-2013:1147-01, RHSA-2013:1853-01, RHSA-2014:0224-01, RHSA-2017:0868-01, swg22017526, USN-2769-1, VIGILANCE-VUL-12182
Apache HttpComponents HttpClient: obtaining proxy password
When HttpClient connects to a proxy requiring an authentication, the login and password are sent to the remote server...
2015815, BID-46974, CST-7122, CST-7123, CST-7124, CST-7125, CST-7126, CST-7127, CST-7128, CST-7129, CST-7130, CST-7131, CVE-2011-1498, FEDORA-2011-7747, VIGILANCE-VUL-10465, VU#153049
Our database contains other pages. You can request a free trial to read them.

Display information about Apache Jakarta HttpClient: