You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2014/09/05 09:17:24 UTC

[jira] [Updated] (HTTPCLIENT-1551) CVE-2014-3577 Is MITM possible in commons httpclient 3.x

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski updated HTTPCLIENT-1551:
------------------------------------------
    Priority: Minor  (was: Critical)

> CVE-2014-3577 Is MITM possible in commons httpclient 3.x
> --------------------------------------------------------
>
>                 Key: HTTPCLIENT-1551
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1551
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 3.1 (end of life)
>            Reporter: pavan
>            Priority: Minor
>
> Recently there was a CVE CVE-2014-3577 which can by pass hostname verification during ssl handshake. We know Commons HTTPCLIENT 3.1 is EOL but just wanted to check whether this issue feasible to this EOL version or not.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org