Publish GHSA-3832-9276-x7gf

github · Nov 5, 2024 · 58b7d0c · 58b7d0c
1 parent cabf686
commit 58b7d0c
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/advisories/github-reviewed/2022/05/GHSA-3832-9276-x7gf/GHSA-3832-9276-x7gf.json b/advisories/github-reviewed/2022/05/GHSA-3832-9276-x7gf/GHSA-3832-9276-x7gf.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3832-9276-x7gf",
-  "modified": "2024-03-14T21:52:44Z",
+  "modified": "2024-11-05T22:28:04Z",
   "published": "2022-05-13T01:10:34Z",
   "aliases": [
     "CVE-2012-5783"
   ],
-  "summary": "Improper Certificate Validation in apache HttpClient",
-  "details": "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
+  "summary": "Improper Certificate Validation in Apache Commons HttpClient",
+  "details": "Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.\n\nNote that the Commons HttpClient project is [end of life](https://hc.apache.org/httpclient-legacy/). It has been replaced by the Apache HttpComponents project in its [HttpClient](https://hc.apache.org/httpcomponents-client-5.4.x/) and [HttpCore](https://hc.apache.org/httpcomponents-core-5.3.x/) modules. CVE-2012-5783 has been patched in [v4.0](https://repo1.maven.org/maven2/org/apache/httpcomponents/httpclient/4.0/) of the Apache HttpComponents HttpClient module.",
   "severity": [
 
   ],
@@ -23,13 +23,13 @@
           "events": [
             {
               "introduced": "3.0"
-            },
-            {
-              "fixed": "4.0"
             }
           ]
         }
-      ]
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "< 4.0"
+      }
     }
   ],
   "references": [