Author: rfscholte
Date: Wed Aug  9 19:27:46 2017
New Revision: 1804602



Modified: maven/site/trunk/content/markdown/
--- maven/site/trunk/content/markdown/ (original)
+++ maven/site/trunk/content/markdown/ Wed Aug  9 19:27:46 2017
@@ -32,3 +32,24 @@ All users are recommended to upgrade to
 Credit: This issue was identified by Graham Leggett
+### CVE-2012-6153
+Severity: Medium
+Vendor: The Apache Software Foundation
+Versions Affected:
+-   Apache Maven Wagon WebDAV Provider 2.12 and earlier
+Description: http/conn/ssl/ in Apache Commons HttpClient 
+before 4.2.3 does not properly verify that the server hostname matches a 
+domain name in the subject's Common Name (CN) or subjectAltName field of the 
+X.509 certificate, which allows man-in-the-middle attackers to spoof SSL 
+servers via a certificate with a subject that specifies a common name in a 
+field that is not the CN field.
+Users of this provider are recommended to upgrade to [Apache Maven Wagon :: 
+WebDAV Provider 3.0.0](./download.cgi)
\ No newline at end of file

Reply via email to