CVEFinder.io

CVE-2012-5783

🔶 medium
Summary

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS Score
5.8
Medium
EPSS Score
0.7
Exploit Probability
Published Date
2012-11-04
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 32.9% of all 329,456 vulnerabilities in our database.

#221,102
Below average severity
Severity Percentile
Last Modified 2025-04-11
CWE IDs (Weakness Types)

📦 Affected Products 4

🔗 References 18

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-47326 🔶 medium 5.5 0.1 Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor not... 2026-05-28
CVE-2026-47327 ℹ️ low 3.3 0.1 Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmo... 2026-05-28
CVE-2026-47328 🔶 medium 6.1 0.1 Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not ... 2026-05-28
CVE-2026-47329 ℹ️ low 3.3 0.1 Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppArmor n... 2026-05-28
CVE-2026-47330 ℹ️ low 3.3 0.1 Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitializ... 2026-05-28
CVE-2026-47331 ⚠️ high 7.8 0.1 Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivile... 2026-05-28
These CVEs affect the same products