Lucene search

Basic search
Lucene search
Search by product

Vendors

Products

FreeBSD9BAD457E-B396-4452-8773-15BEC67E1CEB

HistoryOct 06, 2021 - 12:00 a.m.

jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library

2021-10-0600:00:00

vuxml.freebsd.org

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

74.4%

JSON

Jenkins Security Advisory:

Description
(Medium) SECURITY-2475 / CVE-2014-3577
Jenkins core bundles vulnerable version of the commons-httpclient library

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchjenkins< 2.315UNKNOWN
FreeBSDanynoarchjenkins-lts< 2.303.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	jenkins	< 2.315	UNKNOWN
FreeBSD	any	noarch	jenkins-lts	< 2.303.2	UNKNOWN

References

www.jenkins.io/security/advisory/2021-10-06/

nessus 32

securityvulns 3

ibm 67

ubuntucve 2

centos 2

openvas 26

oraclelinux 2

redhat 30

osv 2

f5 3

cve 1

github 1

veracode 1

debiancve 1

prion 1

atlassian 2

suse 2

mageia 2

fedora 4

freebsd 1

debian 1

amazon 1

photon 2

ubuntu 1

oracle 1

nessus

CentOS 5 / 6 / 7 : jakarta-commons-httpclient (CESA-2014:1166)

2014-09-09 00:00:00

FreeBSD : jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library (9bad457e-b396-4452-8773-15bec67e1ceb)

2021-10-08 00:00:00

RHEL 7 : httpcomponents-client (RHSA-2014:1146)

2014-09-04 00:00:00

securityvulns

Apache HttpClient certificate checking bypass

2014-08-18 00:00:00

CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack

2014-08-18 00:00:00

[USN-2769-1] Apache Commons HttpClient

2015-10-25 00:00:00

ibm

Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpComponents HttpClient

2019-01-04 23:10:01

Security Bulletin: IBM® Db2® Connect Server is vulnerable due to the use of Apache HttpComponents. (CVE-2014-3577)

2023-02-08 14:22:48

Security Bulletin: CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name

2020-08-04 18:41:17

ubuntucve

CVE-2014-3577

2014-08-21 00:00:00

CVE-2012-5783

2012-11-04 00:00:00

centos

jakarta security update

2014-09-08 16:54:16

httpcomponents security update

2014-09-03 23:09:02

openvas

Oracle: Security Advisory (ELSA-2014-1166)

2015-10-06 00:00:00

Oracle: Security Advisory (ELSA-2014-1146)

2015-10-06 00:00:00

Jenkins < 2.303.2, < 2.315 HTTP Library Vulnerability - Linux

2021-10-08 00:00:00

oraclelinux

jakarta-commons-httpclient security update

2014-09-08 00:00:00

httpcomponents-client security update

2014-09-03 00:00:00

redhat

(RHSA-2014:1146) Important: httpcomponents-client security update

2014-09-03 00:00:00

(RHSA-2014:1166) Important: jakarta-commons-httpclient security update

2014-09-08 00:00:00

(RHSA-2014:1891) Important: Red Hat JBoss BRMS 6.0.3 security update

2014-11-24 20:43:48

osv

Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient

2018-10-17 00:05:06

commons-httpclient - security update

2015-05-19 00:00:00

SOL15737 - Apache vulnerability CVE-2014-3577

2014-10-23 00:00:00

K15737 : Apache vulnerability CVE-2014-3577

2014-10-23 00:00:00

SOL15364328 - Apache vulnerabilities CVE-2012-5783, CVE-2012-6153, and CVE-2014-3577

2016-02-02 00:00:00

cve

CVE-2014-3577

2014-08-21 14:55:00

github

Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient

2018-10-17 00:05:06

veracode

Improper Certificate Common Name Verification Allows Spoofing SSL Servers

2019-01-15 09:00:42

debiancve

CVE-2014-3577

2014-08-21 14:55:00

prion

Design/Logic Flaw

2014-08-21 14:55:00

atlassian

Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support

2015-05-12 07:34:43

Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support

2015-05-12 07:34:43

suse

Security update for apache-commons-httpclient (important)

2020-11-07 00:00:00

Security update for apache-commons-httpclient (important)

2020-11-08 00:00:00

mageia

Updated Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities

2014-08-25 12:44:11

Updated cxf packages fix security vulnerabilities

2014-12-31 15:28:04

fedora

[SECURITY] Fedora 20 Update: httpcomponents-client-4.2.5-4.fc20

2014-08-30 03:58:27

[SECURITY] Fedora 19 Update: httpcomponents-client-4.2.5-4.fc19

2014-08-30 03:57:30

[SECURITY] Fedora 20 Update: jakarta-commons-httpclient-3.1-15.fc20

2014-08-27 01:31:46

freebsd

Axis2 -- Security vulnerabilities on dependency Apache HttpClient

2012-12-06 00:00:00

debian

[SECURITY] [DLA 222-1] commons-httpclient security update

2015-05-19 15:18:39

amazon

Important: jakarta-commons-httpclient

2014-09-17 21:47:00

photon

Moderate Photon OS Security Update - PHSA-2020-0141

2020-09-17 00:00:00

Moderate Photon OS Security Update - PHSA-2020-3.0-0141

2020-09-17 00:00:00

ubuntu

Apache Commons HttpClient vulnerabilities

2015-10-14 00:00:00

oracle

CPU July 2018

2018-07-17 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

74.4%

JSON

Related for 9BAD457E-B396-4452-8773-15BEC67E1CEB