Apache HttpComponents (prior to revision 4.3.5/4.0.2) may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used.
889514603cc555b13c01e72b05be1ebefa0cbf2ff89b15aa2ff8b3f9c2602bf1
Mandriva Linux Security Advisory 2014-170 - Updated jakarta-commons-httpclient and httpcomponents-client packages The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used.
116796f502a4a28c6bc079a5cec811f6f2804bb347547540e5d4aaf676368443
Secunia Security Advisory - A security issue has been reported in Apache HttpComponents HttpClient, which can be exploited by malicious people to disclose potentially sensitive information.
888f5795d64b46a2e920e1258442f2267c7162469efe9630f79bc59ace44df01