CVE-2013-0253

Published: Apr 9, 2013Modified: Apr 29, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

Affected (1)

Products: Apache: Maven

Apache

1 product

Maven

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apache Maven	Version 3.0.4

Running on/with	Platform Versions
Apache Maven Wagon	Version 2.1

Related CWEs

CWE-16

References (8)

http://rhn.redhat.com/errata/RHSA-2013-0700.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=917084

Source: secalert@redhat.com

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E

Source: secalert@redhat.com

https://maven.apache.org/security.html

Source: secalert@redhat.com

PatchVendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0700.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=917084

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://maven.apache.org/security.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.