Review

Detector:

Findbugs

Target:

project '

commons-httpclient

' version

4.2.1

Tags:

Potential Misuse

Anomaly identified by the detector. Please review whether this anomaly corresponds to a misuse.

Finding:	finding-4
In File:	org/apache/http/conn/ssl/AllowAllHostnameVerifier.java
In Method:	verify(String, String[], String[])
Code with Finding:	`class AllowAllHostnameVerifier { public final void verify( final String host, final String[] cns, final String[] subjectAlts) { // Allow everything - so never blowup. } }`

Hit	Rank	Desc	Type	Violations
Yes	4	SECWHV: HostnameVerifier that accept any signed certificates makes communication vulnerable to a MITM attack	WEAK_HOSTNAME_VERIFIER

Reviewer Name:	vidya
Comment: