PT-2018-5178 · Apache+1 · Commons-Httpclient+1

Publicado

2018-01-26

Atualizado

2022-05-14

CVE-2017-1000396

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.73.1 and earlier, 2.83 and earlier

Description The issue concerns a vulnerability in the commons-httpclient library that incorrectly verifies SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins plugins.

Recommendations For Jenkins versions 2.73.1 and earlier, 2.83 and earlier, update the commons-httpclient library to a version that includes the backported fix for the issue.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2017-1000396

GHSA-FQ9F-9WV9-RFMG

Produtos afetados

Jenkins

Commons-Httpclient

PT-2018-5178 · Apache+1 · Commons-Httpclient+1

CVE-2017-1000396

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6