CVE-2014-3577

ADVISORY - github

Summary

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

EPSS Score⁠: 0.00378 (0.732)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-other⁠

ADVISORY - github

CWE-347⁠

Improper Verification of Cryptographic Signature

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-297⁠

Improper Validation of Certificate with Host Mismatch

Impacted images

Advisories

NIST

CREATED

10 years ago

UPDATED

11 months ago

ADVISORY IDCVE-2014-3577⁠

EXPLOITABILITY SCORE

8.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-other⁠

CVSS SCORE

5.8medium

GitHub

CREATED

6 years ago

UPDATED

6 months ago

ADVISORY IDGHSA-cfh5-3ghh-wfjx⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-347⁠

CVSS SCORE

N/Amedium

Debian

CREATED

10 years ago

UPDATED

3 months ago

ADVISORY IDCVE-2014-3577⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

10 years ago

UPDATED

3 months ago

ADVISORY IDCVE-2014-3577⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

GitLab

CREATED

6 years ago

UPDATED

3 years ago

ADVISORY ID

CVE-2014-3577

EXPLOITABILITY SCORE

8.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-937⁠

CVSS SCORE

5.8medium

Amazon

CREATED

10 years ago

UPDATED

10 years ago

ADVISORY IDALAS-2014-410⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

10 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2014-3577⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-297⁠

CVSS SCORE

4.8high

SUSE

CREATED

10 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2014-3577⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.5medium

Oracle

CREATED

10 years ago

UPDATED

10 years ago

ADVISORY IDELSA-2014-1146⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

10 years ago

UPDATED

10 years ago

ADVISORY IDELSA-2014-1166⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

intheWild

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDCVE-2014-3577⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY