What is CVE-2012-5783?

CVE-2012-5783 is a vulnerability in Apache Httpclient, classified under Improper Certificate Validation. Published 2012-11-04.

Is CVE-2012-5783 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Httpclient

CVE-2012-5783

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field…

Vulnerability class: Improper Certificate Validation

EPSS: 0.006 (70.3th percentile) — read the EPSS interpretation.

Affected products

Apache Httpclient — versions 3.1
Canonical Ubuntu_linux — versions 12.04, 14.04, 15.04
N/a — versions n/a

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

Public proof-of-concept exploits

albfernandez/commons-httpclient-3

References

RHSA-2013:0681 (x_refsource_REDHAT, vendor-advisory, Broken Link)
cve@mitre.org (x_refsource_CONFIRM, Patch, Issue Tracking, Vendor Advisory)
openSUSE-SU-2013:0622 (vendor-advisory, x_refsource_SUSE, Broken Link)
RHSA-2013:0680 (x_refsource_REDHAT, vendor-advisory, Broken Link)
RHSA-2017:0868 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
openSUSE-SU-2013:0354 (vendor-advisory, x_refsource_SUSE, Broken Link)
58073 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
apache-commons-ssl-spoofing(79984) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
RHSA-2013:0270 (x_refsource_REDHAT, vendor-advisory, Broken Link)
RHSA-2013:0682 (x_refsource_REDHAT, vendor-advisory, Broken Link)

Frequently asked questions

What is CVE-2012-5783?: CVE-2012-5783 is a vulnerability in Apache Httpclient, classified under Improper Certificate Validation. Published 2012-11-04.
Is CVE-2012-5783 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.