Author: rfscholte
Date: Wed Aug  9 19:27:46 2017
New Revision: 1804602

URL: http://svn.apache.org/viewvc?rev=1804602&view=rev
Log:
CVE-2012-6153

Modified:
    maven/site/trunk/content/markdown/security.md

Modified: maven/site/trunk/content/markdown/security.md
URL: 
http://svn.apache.org/viewvc/maven/site/trunk/content/markdown/security.md?rev=1804602&r1=1804601&r2=1804602&view=diff
==============================================================================
--- maven/site/trunk/content/markdown/security.md (original)
+++ maven/site/trunk/content/markdown/security.md Wed Aug  9 19:27:46 2017
@@ -32,3 +32,24 @@ All users are recommended to upgrade to
 
 Credit: This issue was identified by Graham Leggett
 
+### CVE-2012-6153
+
+Severity: Medium
+
+Vendor: The Apache Software Foundation
+
+Versions Affected:
+
+-   Apache Maven Wagon WebDAV Provider 2.12 and earlier
+
+Description: http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient 
+before 4.2.3 does not properly verify that the server hostname matches a 
+domain name in the subject's Common Name (CN) or subjectAltName field of the 
+X.509 certificate, which allows man-in-the-middle attackers to spoof SSL 
+servers via a certificate with a subject that specifies a common name in a 
+field that is not the CN field.
+
+[CVE-2012-6153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153)
+
+Users of this provider are recommended to upgrade to [Apache Maven Wagon :: 
+WebDAV Provider 3.0.0](./download.cgi)
\ No newline at end of file


Reply via email to