Vulnerability in Apache HttpAsyncClient

CVE-2014-3577

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjec…

EPSS: 0.014 (80.6th percentile)

Frequently asked questions

What is CVE-2014-3577?
CVE-2014-3577 is a vulnerability in Apache HttpAsyncClient. Published 2014-08-21.

Is CVE-2014-3577 known to be exploited?
11 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.