关键漏洞信息 CVE Identifier: CVE-2014-3577, CVE-2012-6153, CVE-2012-5783, CVE-2014-3577 Vulnerability Type: SSL Hostname Verification Bypass Affected Components: - Apache HttpComponents Client - Apache CXF Description: - The fix for CVE-2012-5783 was incomplete, leading to a flawed check of the server hostname against the domain name in the subject's CN field. This enables a Man-in-the-Middle (MITM) attack. Patches/Updates: - Various RHSA advisories listed in the comments section. - RHSA-2014-1162 - RHSA-2014-1834 - Others as detailed in the comments. Timeline: - Reported: 2014-08-14 - Last Closed: 2016-03-11 - Multiple updates and patches released over time. Impact: - High security impact, could lead to MITM attacks. Resolution Status: - Closed with errata - Fixed in Version: httpcomponents-client 4.2.3 The screenshot provides detailed comments on the resolution and tracking of updates across various affected products.