CVE-2013-0253 Apache Maven Severity: Medium Vendor: The Apache Software Foundation Versions Affected: - Apache Maven 3.0.4 - Apache Maven Wagon 2.1, 2.2, 2.3 Description: Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure SSL mode by default. This mode disables all SSL certificate checking, including: host name verification , date validity, and certificate chain. Not validating the certificate introduces the possibility of a man-in-the-middle attack. All users are recommended to upgrade to Apache Maven 3.0.5 and Apache Maven Wagon 2.4. Credit This issue was identified by Graham Leggett -- The Apache Maven Team