Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4923D07E52C885F6C3F3907B3EA91BCD53A6E0CDEB066EB9B1FC0E8A7B534189
HistoryMay 06, 2020 - 11:57 a.m.

Security Bulletin: Vulnerability from Apache HttpComponents affects IBM Cloud Pak System (CVE-2011-1498, CVE-2015-5262)

2020-05-0611:57:04
www.ibm.com
6

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Summary

Multiple vulnerabilities have been identified Apache HttpComponents shipped with IBM Cloud Pak System.

Vulnerability Details

CVEID:CVE-2011-1498
**DESCRIPTION:**Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/66241 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID:CVE-2015-5262
**DESCRIPTION:**http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/106932 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM PureApplication System 2.3, 2.3.0.1

Remediation/Fixes

For IBM Cloud Pak System V2.3.0 and V2.3.0.1, upgrade to V2.3.1.1.

Information on upgrading can be found here: http://www.ibm.com/support/docview.wss?uid=ibm10887959.

Workarounds and Mitigations

None

Related

ibm 42
openvas 16
debiancve 3
github 3
cve 3
prion 3
fedora 4
osv 5
ubuntucve 3
nessus 15
debian 1
mageia 1
securityvulns 2
redhatcve 1
suse 2
photon 2
ubuntu 1
oracle 1
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2011-1498, CVE-2014-3577, CVE-2015-5262)
2018-06-16 22:06:30
Security Bulletin: Multiple Vulnerabilities in Apache HttpComponents and HttpCommons affect WebSphere Application Server
2021-05-13 20:09:44
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)
2021-05-18 09:39:22
openvas
openvas
Fedora Update for httpcomponents-client FEDORA-2011-7747
2011-07-12 00:00:00
Fedora Update for httpcomponents-client FEDORA-2011-7747
2011-07-12 00:00:00
Huawei EulerOS: Security Advisory for jakarta-commons-httpclient (EulerOS-SA-2019-2397)
2020-01-23 00:00:00
debiancve
debiancve
CVE-2011-1498
2011-07-07 21:55:00
CVE-2015-5262
2015-10-27 16:59:00
CVE-2018-1000872
2018-12-20 17:29:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
2022-05-17 05:39:03
Denial of service vulnerability in org.apache.httpcomponents:httpclient
2018-10-17 00:05:29
PyKMIP Denial of service vulnerability
2018-12-21 17:46:39
cve
cve
CVE-2011-1498
2011-07-07 21:55:00
CVE-2015-5262
2015-10-27 16:59:00
CVE-2018-1000872
2018-12-20 17:29:00
prion
prion
Authorization
2011-07-07 21:55:00
Design/Logic Flaw
2015-10-27 16:59:00
Design/Logic Flaw
2018-12-20 17:29:00
fedora
fedora
[SECURITY] Fedora 15 Update: httpcomponents-client-4.1.1-2.fc15
2011-06-15 05:35:09
[SECURITY] Fedora 23 Update: jakarta-commons-httpclient-3.1-23.fc23
2015-10-01 16:55:47
[SECURITY] Fedora 21 Update: jakarta-commons-httpclient-3.1-20.fc21
2015-10-01 20:27:13
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
2022-05-17 05:39:03
Denial of service vulnerability in org.apache.httpcomponents:httpclient
2018-10-17 00:05:29
PYSEC-2018-22
2018-12-20 17:29:00
ubuntucve
ubuntucve
CVE-2011-1498
2011-07-07 00:00:00
CVE-2015-5262
2015-09-30 00:00:00
CVE-2018-1000872
2018-12-20 00:00:00
nessus
nessus
IBM WebSphere Application Server 8.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.20 / 9.0.x < 9.0.5.8 Multiple Vulnerabilities
2021-05-20 00:00:00
Fedora 15 : httpcomponents-client-4.1.1-2.fc15 (2011-7747)
2011-06-16 00:00:00
Fedora 22 : jakarta-commons-httpclient-3.1-23.fc22 (2015-15589)
2015-10-02 00:00:00
debian
debian
[SECURITY] [DLA 322-1] commons-httpclient security update
2015-10-01 08:24:15
mageia
mageia
Updated jakarta-commons-httpclient and httpcomponents-client packages fixes security vulnerability
2015-10-09 21:47:39
securityvulns
securityvulns
Apache Commons HttpClient DoS
2015-10-25 00:00:00
[USN-2769-1] Apache Commons HttpClient
2015-10-25 00:00:00
redhatcve
redhatcve
CVE-2018-1000872
2019-01-11 21:19:42
suse
suse
Security update for apache-commons-httpclient (important)
2020-11-07 00:00:00
Security update for apache-commons-httpclient (important)
2020-11-08 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2020-0141
2020-09-17 00:00:00
Moderate Photon OS Security Update - PHSA-2020-3.0-0141
2020-09-17 00:00:00
ubuntu
ubuntu
Apache Commons HttpClient vulnerabilities
2015-10-14 00:00:00
oracle
oracle
CPU July 2018
2018-07-17 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON
Related for 4923D07E52C885F6C3F3907B3EA91BCD53A6E0CDEB066EB9B1FC0E8A7B534189
ibm42openvas16debiancve3github3cve3prion3fedora4osv5ubuntucve3nessus15debian1mageia1securityvulns2redhatcve1suse2photon2ubuntu1oracle1