Apache HttpComponents (prior to revision 4.3.5/4.0.2) may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used.
889514603cc555b13c01e72b05be1ebefa0cbf2ff89b15aa2ff8b3f9c2602bf1