VDB
RHSA-2013%3A0679
RHSA-2013%3A0679
PUBLISHED
CVSS 3.700000047683716 LOW
It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Risk Scores
CVSS 3.0
3.700000047683716
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Enterprise Application Platform 5.2 |
Timeline
- Mar 25, 2013 CVE Published
- Jan 28, 2026 CVE Updated
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2013:0679 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=5.2.0 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=873317 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0679.json advisory
- https://access.redhat.com/security/cve/CVE-2012-5783 advisory
- https://www.cve.org/CVERecord?id=CVE-2012-5783 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2012-5783 advisory