Debian Commons-Httpclient vulnerabilities
4 known vulnerabilities affecting debian/commons-httpclient.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4
Vulnerabilities
CVE-2015-5262 (MEDIUM, CVSS 4.3), fixed in commons-httpclient 3.1-12 (bookworm), 2015
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 3.1-12)
bullseye: resolved (fixed in 3.
CVE-2014-3577 (MEDIUM, CVSS 5.8), fixed in commons-httpclient 3.1-11 (bookworm), 2014
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" str
CVE-2012-6153 (MEDIUM, CVSS 5.8), fixed in commons-httpclient 3.1-10.2 (bookworm), 2012
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name
CVE-2012-5783 (MEDIUM, CVSS 5.8), fixed in commons-httpclient 3.1-10.1 (bookworm), 2012
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certif