CVE-2014-3577

CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

Severity Score: 4.8 (CVSS v3)

Exploit Likelihood (EPSS): not listed

Affected Versions (CPE): not listed

Public Exploits: 2 (multiple sources)

Exploited in Wild (KEV): -

Decision (SSVC): -

Descriptions

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
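The flaw both descriptions refer to, re-created in Python as an added example (this is not HttpClient's or CXF's own code): a hostname verifier that locates the Common Name by searching the subject DN string for the text "CN=" accepts a certificate whose O attribute contains "foo,CN=www.apache.org", while a verifier that first parses the DN into its RDNs sees the real CN and rejects it. The sample DNs, the function names and the simplified exact-match hostname rule are constructed for illustration.

```python
from typing import List, Optional, Tuple

# Constructed sample subject DNs in RFC 4514 string form (not from any real certificate).
# In SPOOFED_DN the O attribute carries the text "CN=www.apache.org"; the actual CN differs.
LEGIT_DN = "CN=www.apache.org,O=Apache Software Foundation,C=US"
SPOOFED_DN = "O=foo\\,CN=www.apache.org,CN=rogue.example"  # comma inside O escaped with a backslash


def naive_extract_cn(dn: str) -> Optional[str]:
    """Flawed extraction: find the text "CN=" anywhere in the DN string and read
    up to the next comma. Any attribute value containing "CN=" is mistaken for
    the Common Name. This re-creates the bug class, not HttpClient's exact code."""
    idx = dn.find("CN=")
    if idx < 0:
        return None
    rest = dn[idx + 3:]
    end = rest.find(",")
    return rest if end < 0 else rest[:end]


def parse_rdns(dn: str) -> List[Tuple[str, str]]:
    """Split a DN string into (type, value) pairs, honouring backslash escapes and
    double-quoted values so that a comma or "=" inside a value never starts a new
    component. Multi-valued RDNs joined with "+" are left as part of the value."""
    pairs: List[Tuple[str, str]] = []
    attr_type: List[str] = []
    value: List[str] = []
    in_value = escaped = quoted = False
    for ch in dn:
        target = value if in_value else attr_type
        if escaped:                      # character after a backslash is literal
            target.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif in_value and ch == '"':     # quotes protect separators in a value
            quoted = not quoted
        elif ch == "=" and not in_value:  # first "=" separates type from value
            in_value = True
        elif ch == "," and in_value and not quoted:  # unprotected comma ends the RDN
            pairs.append(("".join(attr_type).strip().upper(), "".join(value).strip()))
            attr_type, value, in_value = [], [], False
        else:
            target.append(ch)
    if escaped or quoted:
        raise ValueError("malformed DN: unterminated escape or quote")
    if in_value:
        pairs.append(("".join(attr_type).strip().upper(), "".join(value).strip()))
    elif attr_type:
        raise ValueError("malformed DN: component without '='")
    return pairs


def rdn_extract_cn(dn: str) -> Optional[str]:
    """Correct extraction: the value of the first RDN whose type is CN."""
    for attr_type, attr_value in parse_rdns(dn):
        if attr_type == "CN":
            return attr_value
    return None


def hostname_matches_cn(hostname: str, cn: Optional[str]) -> bool:
    """Exact, case-insensitive comparison of the requested hostname with the CN.
    Wildcards, subjectAltName and IDNA are deliberately out of scope here."""
    return cn is not None and cn.lower() == hostname.lower()


if __name__ == "__main__":
    for dn in (LEGIT_DN, SPOOFED_DN):
        print(dn)
        for label, extract in (("naive", naive_extract_cn), ("RDN  ", rdn_extract_cn)):
            cn = extract(dn)
            print(f"  {label} CN: {cn!r} -> accepts www.apache.org: "
                  f"{hostname_matches_cn('www.apache.org', cn)}")
```

Run as a script, the naive verifier reports the spoofed certificate as www.apache.org while the RDN-based verifier reports rogue.example. In Java the equivalent of parse_rdns is javax.naming.ldap.LdapName with its Rdn objects rather than a hand-written parser; a complete verifier should also prefer dNSName entries in subjectAltName over the CN, which the flawed string search never reaches.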

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2014-05-14 CVE Reserved
  • 2014-08-18 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-08-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-297: Improper Validation of Certificate with Host Mismatch
CAPEC
References (49)
URL Tag Source
http://secunia.com/advisories/60466 Third Party Advisory
http://secunia.com/advisories/60589 Third Party Advisory
http://secunia.com/advisories/60713 Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/10/06/1 Mailing List
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.osvdb.org/110143 Broken Link
http://www.securityfocus.com/bid/69258 Third Party Advisory
http://www.securitytracker.com/id/1030812 Third Party Advisory
https://access.redhat.com/solutions/1165533 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95327 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564 Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782 Third Party Advisory
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E Mailing List
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E Mailing List
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E Mailing List
https://security.netapp.com/advisory/ntap-20231027-0003
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1146.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1166.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1833.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1834.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1835.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1836.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1891.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1892.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0125.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0158.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0675.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0720.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0765.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0850.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0851.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-1176.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-1177.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-1888.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-1773.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2016-1931.html 2023-11-07
http://www.ubuntu.com/usn/USN-2769-1 2023-11-07
https://access.redhat.com/security/cve/CVE-2014-3577 2022-03-10
https://bugzilla.redhat.com/show_bug.cgi?id=1129074 2022-03-10
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Apache Httpclient >= 4.0 <= 4.3.4 - Affected
Apache Httpasyncclient >= 4.0 <= 4.0.1 - Affected