You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "pavan (JIRA)" <ji...@apache.org> on 2014/09/05 07:33:23 UTC

[jira] [Created] (HTTPCLIENT-1551) CVE-2014-3577 Is MITM possible in commons httpclient 3.x

pavan created HTTPCLIENT-1551:
---------------------------------

             Summary: CVE-2014-3577 Is MITM possible in commons httpclient 3.x
                 Key: HTTPCLIENT-1551
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1551
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient
    Affects Versions: 3.1 (end of life)
            Reporter: pavan
            Priority: Critical


Recently there was a CVE CVE-2014-3577 which can by pass hostname verification during ssl handshake. We know Commons HTTPCLIENT 3.1 is EOL but just wanted to check whether this issue feasible to this EOL version or not.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org