{"api_version":"1","generated_at":"2026-04-22T22:48:05+00:00","cve":"CVE-2014-3577","urls":{"html":"https://cve.report/CVE-2014-3577","api":"https://cve.report/api/cve/CVE-2014-3577.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-3577","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-3577"},"summary":{"title":"CVE-2014-3577","description":"org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"CN=\" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the \"foo,CN=www.apache.org\" string in the O field.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2014-08-21 14:55:00","updated_at":"2023-11-07 02:20:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2014/Aug/48","name":"20140818 CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack","refsource":"FULLDISC","tags":["Exploit","Mailing List","Third Party Advisory"],"title":"Full Disclosure: CVE-2014-3577: Apache HttpComponents client: Hostname\tverification susceptible to MITM attack","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1892.html","name":"RHSA-2014:1892","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/60713","name":"60713","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"Security Advisory SA60713 - Apache HttpComponents HttpClient / Apache HttpComponents HttpAsyncClient X.509 Certificate Validation Security Issue - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782","name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"Document Display | HPE Support Center","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html","name":"RHSA-2015:0765","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E","name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-1773.html","name":"RHSA-2016:1773","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html","name":"http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html","refsource":"MISC","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Apache HttpComponents Man-In-The-Middle ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html","name":"openSUSE-SU-2020:1873","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:1873-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E","name":"[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html","refsource":"","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E","name":"[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1835.html","name":"RHSA-2014:1835","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E","name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/95327","name":"apache-cve20143577-spoofing(95327)","refsource":"XF","tags":["Third Party Advisory","VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-2769-1","name":"USN-2769-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-2769-1: Apache Commons HttpClient vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1888.html","name":"RHSA-2015:1888","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1146.html","name":"RHSA-2014:1146","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","refsource":"CONFIRM","tags":[],"title":"CPU July 2018","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E","name":"[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html","name":"RHSA-2015:1176","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2021/10/06/1","name":"[oss-security] 20211006 Multiple vulnerabilities in Jenkins and Jenkins plugins","refsource":"MLIST","tags":[],"title":"oss-security - Multiple vulnerabilities in Jenkins and Jenkins plugins","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E","name":"[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E","name":"[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/69258","name":"69258","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://access.redhat.com/solutions/1165533","name":"https://access.redhat.com/solutions/1165533","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"Do CVE-2012-6153 and CVE-2014-3577 affect Red Hat products? - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/110143","name":"110143","refsource":"OSVDB","tags":["Broken Link"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html","name":"RHSA-2015:0850","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E","name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html","name":"RHSA-2015:1177","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/60589","name":"60589","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"Security Advisory SA60589 - Red Hat update for httpcomponents-client - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1030812","name":"1030812","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Red Hat JBoss Certificate Validation Flaw Lets Remote Users Spoof SSL Servers - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/60466","name":"60466","refsource":"SECUNIA","tags":["Third Party Advisory"],"title":"About Secunia Research | Flexera","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E","name":"[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E","name":"[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html","refsource":"","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564","name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"Document Display | HPE Support Center","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","name":"RHSA-2015:0675","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E","name":"[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html","name":"RHSA-2015:0851","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E","name":"[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-1931.html","name":"RHSA-2016:1931","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html","name":"openSUSE-SU-2020:1875","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:1875-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E","name":"[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20231027-0003/","name":"https://security.netapp.com/advisory/ntap-20231027-0003/","refsource":"CONFIRM","tags":[],"title":"CVE-2014-3577 Apache HttpComponents HttpClient Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0125.html","name":"RHSA-2015:0125","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1836.html","name":"RHSA-2014:1836","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0158.html","name":"RHSA-2015:0158","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E","name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1891.html","name":"RHSA-2014:1891","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E","name":"[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E","name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html","name":"RHSA-2015:0720","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E","name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1833.html","name":"RHSA-2014:1833","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1834.html","name":"RHSA-2014:1834","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2014-1166.html","name":"RHSA-2014:1166","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E","name":"[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-3577","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3577","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"3577","vulnerable":"1","versionEndIncluding":"4.0.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"httpasyncclient","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3577","vulnerable":"1","versionEndIncluding":"4.3.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"httpclient","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2014-3577","qid":"20269","title":"IBM DB2 Multiple Vulnerabilities (6466365)"},{"cve":"CVE-2014-3577","qid":"20330","title":"IBM DB2 Secure Sockets Layer (SSL) Server Spoofing Vulnerability (6953757)"},{"cve":"CVE-2014-3577","qid":"240138","title":"Red Hat OpenShift Container Platform 4.1 Security Update (RHSA-2022:0055)"},{"cve":"CVE-2014-3577","qid":"375670","title":"IBM WebSphere Application Server Multiple Vulnerabilities (6453091)"},{"cve":"CVE-2014-3577","qid":"690202","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for jenkins (9bad457e-b396-4452-8773-15bec67e1ceb)"},{"cve":"CVE-2014-3577","qid":"730235","title":"Jenkins Core Security Update (Jenkins Security Advisory 2021-10-06)"},{"cve":"CVE-2014-3577","qid":"770138","title":"Red Hat OpenShift Container Platform 4.1 Security Update (RHSA-2022:0055)"},{"cve":"CVE-2014-3577","qid":"980486","title":"Java (maven) Security Update for org.apache.httpcomponents:httpclient (GHSA-cfh5-3ghh-wfjx)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2014-3577","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"CN=\" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the \"foo,CN=www.apache.org\" string in the O field."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"RHSA-2014:1891","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2014-1891.html"},{"name":"RHSA-2015:0765","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2015-0765.html"},{"name":"https://access.redhat.com/solutions/1165533","refsource":"CONFIRM","url":"https://access.redhat.com/solutions/1165533"},{"name":"110143","refsource":"OSVDB","url":"http://www.osvdb.org/110143"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"name":"RHSA-2015:0675","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"name":"60713","refsource":"SECUNIA","url":"http://secunia.com/advisories/60713"},{"name":"http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html"},{"name":"RHSA-2015:0720","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2015-0720.html"},{"name":"RHSA-2014:1166","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2014-1166.html"},{"name":"RHSA-2015:1888","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2015-1888.html"},{"name":"RHSA-2014:1833","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2014-1833.html"},{"name":"RHSA-2015:0850","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html"},{"name":"RHSA-2015:0158","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2015-0158.html"},{"name":"RHSA-2014:1834","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2014-1834.html"},{"name":"60466","refsource":"SECUNIA","url":"http://secunia.com/advisories/60466"},{"name":"RHSA-2015:0125","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2015-0125.html"},{"name":"RHSA-2015:1176","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html"},{"name":"RHSA-2016:1931","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2016-1931.html"},{"name":"RHSA-2014:1146","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2014-1146.html"},{"name":"RHSA-2015:1177","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html"},{"name":"69258","refsource":"BID","url":"http://www.securityfocus.com/bid/69258"},{"name":"RHSA-2014:1892","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2014-1892.html"},{"name":"RHSA-2015:0851","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html"},{"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564","refsource":"CONFIRM","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564"},{"name":"RHSA-2014:1835","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2014-1835.html"},{"name":"1030812","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1030812"},{"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782","refsource":"CONFIRM","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782"},{"name":"USN-2769-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-2769-1"},{"name":"60589","refsource":"SECUNIA","url":"http://secunia.com/advisories/60589"},{"name":"RHSA-2014:1836","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2014-1836.html"},{"name":"apache-cve20143577-spoofing(95327)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/95327"},{"name":"20140818 CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2014/Aug/48"},{"name":"RHSA-2016:1773","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2016-1773.html"},{"refsource":"MLIST","name":"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities","url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"},{"refsource":"MLIST","name":"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities","url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"},{"refsource":"MLIST","name":"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities","url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"},{"refsource":"MLIST","name":"[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html","url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"},{"refsource":"MLIST","name":"[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html","url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"},{"refsource":"MLIST","name":"[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html","url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"},{"refsource":"SUSE","name":"openSUSE-SU-2020:1873","url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html"},{"refsource":"SUSE","name":"openSUSE-SU-2020:1875","url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html"},{"refsource":"MLIST","name":"[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html","url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"},{"refsource":"MLIST","name":"[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html","url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"},{"refsource":"MLIST","name":"[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html","url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"},{"refsource":"MLIST","name":"[oss-security] 20211006 Multiple vulnerabilities in Jenkins and Jenkins plugins","url":"http://www.openwall.com/lists/oss-security/2021/10/06/1"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20231027-0003/","url":"https://security.netapp.com/advisory/ntap-20231027-0003/"}]}},"nvd":{"publishedDate":"2014-08-21 14:55:00","lastModifiedDate":"2023-11-07 02:20:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:httpclient:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndIncluding":"4.3.4","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:httpasyncclient:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndIncluding":"4.0.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"3577","Ordinal":"70530","Title":"CVE-2014-3577","CVE":"CVE-2014-3577","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"3577","Ordinal":"1","NoteData":"org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"CN=\" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the \"foo,CN=www.apache.org\" string in the O field.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"3577","Ordinal":"2","NoteData":"2014-08-21","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"3577","Ordinal":"3","NoteData":"2021-10-06","Type":"Other","Title":"Modified"}]}}}