Vulnerability Description
The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
CVSS Score
5.8
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Maven | 3.0.4 |
| Apache | Maven Wagon | 2.1 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2013-0700.html
- https://bugzilla.redhat.com/show_bug.cgi?id=917084
- https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd9
- https://maven.apache.org/security.htmlPatchVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0700.html
- https://bugzilla.redhat.com/show_bug.cgi?id=917084
- https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd9
- https://maven.apache.org/security.htmlPatchVendor Advisory
FAQ
What is CVE-2013-0253?
CVE-2013-0253 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
How severe is CVE-2013-0253?
CVE-2013-0253 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0253?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Maven, Apache Maven Wagon.