Apache Maven 3.0.4 with Maven Wagon 2.1 SSL Certificate Spoofing Vulnerability

CVE-2013-0253 · MEDIUM Severity

AV:N/AC:M/Au:N/C:P/I:P/A:N

The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
