Moderate severity · NVD Advisory · Published Nov 4, 2012 · Updated Jun 16, 2026
CVE-2012-5783
Description
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| commons-httpclient:commons-httpclient (Maven) | >= 3.0 | — |
Affected products (148)
- cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- osv-coords: 144 versions
References (20)
- issues.apache.org/jira/browse/HTTPCLIENT-1265 (nvd; Issue Tracking, Patch, Vendor Advisory, WEB)
- www.cs.utexas.edu/~shmat/shmat_ccs12.pdf (nvd; Technical Description, Third Party Advisory, WEB)
- www.securityfocus.com/bid/58073 (nvd; Third Party Advisory, VDB Entry)
- www.ubuntu.com/usn/USN-2769-1 (nvd; Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2017:0868 (nvd; Third Party Advisory, WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/79984 (nvd; Third Party Advisory, VDB Entry, WEB)
- github.com/advisories/GHSA-3832-9276-x7gf (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-5783 (ghsa; ADVISORY)
- lists.opensuse.org/opensuse-updates/2013-02/msg00078.html (nvd; Broken Link, WEB)
- lists.opensuse.org/opensuse-updates/2013-04/msg00040.html (nvd; Broken Link, WEB)
- lists.opensuse.org/opensuse-updates/2013-04/msg00041.html (nvd; Broken Link, WEB)
- lists.opensuse.org/opensuse-updates/2013-04/msg00053.html (nvd; Broken Link, WEB)
- rhn.redhat.com/errata/RHSA-2013-0270.html (nvd; Broken Link, WEB)
- rhn.redhat.com/errata/RHSA-2013-0679.html (nvd; Broken Link, WEB)
- rhn.redhat.com/errata/RHSA-2013-0680.html (nvd; Broken Link, WEB)
- rhn.redhat.com/errata/RHSA-2013-0681.html (nvd; Broken Link)
- rhn.redhat.com/errata/RHSA-2013-0682.html (nvd; Broken Link, WEB)
- rhn.redhat.com/errata/RHSA-2013-1147.html (nvd; Broken Link)
- rhn.redhat.com/errata/RHSA-2013-1853.html (nvd; Broken Link, WEB)
- rhn.redhat.com/errata/RHSA-2014-0224.html (nvd; Broken Link, WEB)