jakarta-commons-httpclient-3.0-7jpp.4.AXS3
エラータID: AXSA:2014-519:01
Description :
The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant
protocol used on the Internet today. Web services, network-enabled
appliances and the growth of network computing continue to expand the
role of the HTTP protocol beyond user-driven web browsers, and increase
the number of applications that may require HTTP support.
Although the java.net package provides basic support for accessing
resources via HTTP, it doesn't provide the full flexibility or
functionality needed by many applications. The Jakarta Commons HTTP
Client component seeks to fill this void by providing an efficient,
up-to-date, and feature-rich package implementing the client side of the
most recent HTTP standards and recommendations.
Designed for extension while providing robust support for the base HTTP
protocol, the HTTP Client component may be of interest to anyone
building HTTP-aware client applications such as web browsers, web
service clients, or systems that leverage or extend the HTTP protocol
for distributed communication.
Security issues fixed with this release:
CVE-2014-3577
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient
before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the
server hostname matches a domain name in the subject's Common Name (CN) or
subjectAltName field of the X.509 certificate, which allows man-in-the-middle
attackers to spoof SSL servers via a "CN=" string in a field in the
distinguished name (DN) of a certificate, as demonstrated by the
"foo,CN=www.apache.org" string in the O field.
update package.
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
N/A
SRPMS
- jakarta-commons-httpclient-3.0-7jpp.4.AXS3.src.rpm
MD5: f828e60f9b30fe120f888c720e30144b
SHA-256: b3deca3bf5db1611c13fe83160d62fa3ce3e3778b582e6333271c9457570d57f
Size: 1.82 MB
Asianux Server 3 for x86
- jakarta-commons-httpclient-3.0-7jpp.4.AXS3.i386.rpm
MD5: feab83390a3e077e92c1fb478cb52d9f
SHA-256: 9ea663fa8cc05a938be5d40ad3ff36ef9164ce372f811fb70850e6bc0cdb20f6
Size: 517.31 kB
Asianux Server 3 for x86_64
- jakarta-commons-httpclient-3.0-7jpp.4.AXS3.x86_64.rpm
MD5: 2aa298b3339b6172ce0c685b8fc31fd1
SHA-256: 5b86940997b5a5c2f7cd662891bc8ac7d9c8218369b4da0673d09a7c86e58b80
Size: 598.06 kB