Mandriva Linux Security Advisory : jakarta-commons-httpclient (MDVSA-2014:170)
Medium Nessus Plugin ID 77649
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability :
The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used (CVE-2012-6153).
SolutionUpdate the affected packages.