Sign In

CVE-2012-6153

ADVISORY - github

Summary

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.

EPSS Score: 0.00149 (0.515)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-20

Improper Input Validation

ADVISORY - github

CWE-20

Improper Input Validation

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-20

Improper Input Validation

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-297

Improper Validation of Certificate with Host Mismatch

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2012-6153
EXPLOITABILITY SCORE

8.6

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-20

CVSS SCORE

4.3medium

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-2x83-r56g-cv47
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-20

CVSS SCORE

N/Ahigh

Debian

CREATED

UPDATED

ADVISORY IDCVE-2012-6153
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2012-6153
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2012-6153

EXPLOITABILITY SCORE

8.6

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-20CWE-937

CVSS SCORE

4.3medium

Amazon

CREATED

UPDATED

ADVISORY IDALAS-2014-410
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2012-6153
EXPLOITABILITY SCORE

8.6

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-297

CVSS SCORE

5.8high