Improper Certificate Validation (CVE-2012-5783)
vdenotaris opened this issue · comments
Vincenzo De Notaris commented
Improper Certificate Validation
commons-httpclient:commons-httpclient
is a component of the Apache HttpComponents project.
Affected versions of this package are vulnerable to Man-in-the-Middle attacks due to not verifying that the requesting server hostname matches a domain name in the subject's Common Name (CN)
or subjectAltName
field of the X.509 certificate. This allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Depending on
org.springframework.security.extensions:spring-security-saml2-core:jar:1.0.9.RELEASE
See: spring-attic/spring-security-saml#459