CVE: 2012-5783 found in HttpClient - Version: 3.1 [JAVA]

[bnreplah]

Veracode Software Composition Analysis

Attribute	Details
Library	HttpClient
Description	The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and prov
Language	JAVA
Vulnerability	Man In The Middle (MitM)
Vulnerability description	Apache Commons HTTPClient is vulnerable to man-in-the-middle attacks. The library does not verify that the server hostname matches a domain name in the subjects Common Name CN or subjectAltName field of the X.509 certificate, allowing Man In The Middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE	2012-5783
CVSS score	5.8
Vulnerability present in version/s	2.0-alpha3-3.1
Found library version/s	3.1
Vulnerability fixed in version
Library latest version	3.1
Fix	No fix version for this range. Apply the fix below.

Links:

• https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/110?version=3.1
• https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/294
• Patch: