[jira] [Updated] (HTTPCLIENT-1551) CVE-2014-3577 Is MITM possible in commons httpclient 3.x

Oleg Kalnichevski (JIRA) Fri, 05 Sep 2014 00:18:07 -0700

     [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Oleg Kalnichevski updated HTTPCLIENT-1551:
------------------------------------------
    Priority: Minor  (was: Critical)

> CVE-2014-3577 Is MITM possible in commons httpclient 3.x
> --------------------------------------------------------
>
>                 Key: HTTPCLIENT-1551
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1551
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 3.1 (end of life)
>            Reporter: pavan
>            Priority: Minor
>
> Recently there was a CVE CVE-2014-3577 which can by pass hostname 
> verification during ssl handshake. We know Commons HTTPCLIENT 3.1 is EOL but 
> just wanted to check whether this issue feasible to this EOL version or not.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (HTTPCLIENT-1551) CVE-2014-3577 Is MITM possible in commons httpclient 3.x

Reply via email to