CVE-2012-6153
CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
http/conn/ssl/AbstractVerifier.java en Apache Commons HttpClient anterior a 4.2.3 no verifica debidamente que el nombre del servidor coincide con un nombre de dominio en el campo del asunto Common Name (CN) o subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado con un asunto que especifica un nombre común en un campo que no es el campo CN. NOTA: este problema existe debido a una solución incompleta para CVE-2012-5783.
It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-12-06 CVE Reserved
- 2014-08-20 CVE Published
- 2024-08-06 CVE Updated
- 2025-07-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-297: Improper Validation of Certificate with Host Mismatch
CAPEC
References (22)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/69257 | Third Party Advisory | |
| https://access.redhat.com/solutions/1165533 | Third Party Advisory | |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Commons-httpclient Search vendor "Apache" for product "Commons-httpclient" | >= 4.0 <= 4.2.2 Search vendor "Apache" for product "Commons-httpclient" and version " >= 4.0 <= 4.2.2" | - |
Affected
| ||||||