Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2015:0158
HistoryJul 13, 2014 - 12:00 a.m.

(RHSA-2015:0158) Important: Red Hat Enterprise Virtualization Manager 3.5.0

2014-07-1300:00:00
access.redhat.com
22

EPSS

0.004

Percentile

73.3%

JSON

Red Hat Enterprise Virtualization Manager is a visual tool for centrally
managing collections of virtual servers running Red Hat Enterprise Linux
and Microsoft Windows. This package also includes the Red Hat Enterprise
Virtualization Manager API, a set of scriptable commands that give
administrators the ability to perform queries and operations on Red Hat
Enterprise Virtualization Manager.

The Manager is a JBoss Application Server application that provides several
interfaces through which the virtual environment can be accessed and
interacted with, including an Administration Portal, a User Portal, and a
Representational State Transfer (REST) Application Programming Interface
(API).

It was discovered that the HttpClient incorrectly extracted the host name
from an X.509 certificate subject’s Common Name (CN) field.
A man-in-the-middle attacker could use this flaw to spoof an SSL server
using a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)

A Cross-Site Request Forgery (CSRF) flaw was found in the oVirt REST API.
A remote attacker could provide a specially crafted web page that, when
visited by a user with a valid REST API session, would allow the attacker
to trigger calls to the oVirt REST API. (CVE-2014-0151)

It was found that the oVirt web admin interface did not include the
HttpOnly flag when setting session IDs with the Set-Cookie header.
This flaw could make it is easier for a remote attacker to hijack an oVirt
web admin session by leveraging a cross-site scripting (XSS) vulnerability.
(CVE-2014-0154)

The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat
Product Security.

These updated Red Hat Enterprise Virtualization Manager packages also
include numerous bug fixes and various enhancements. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Enterprise Virtualization 3.5 Manager Release Notes document,
linked to in the References, for information on the most significant of
these changes.

All Red Hat Enterprise Virtualization Manager users are advised to upgrade
to these updated packages, which resolve these issues and add these
enhancements.

OSVersionArchitecturePackageVersionFilename
RedHat6noarchrhevm-lib< 3.5.0-0.29.el6evrhevm-lib-3.5.0-0.29.el6ev.noarch.rpm
RedHat6noarchrhevm-extensions-api-impl< 3.5.0-0.29.el6evrhevm-extensions-api-impl-3.5.0-0.29.el6ev.noarch.rpm
RedHat6noarchrhevm-setup-plugin-websocket-proxy< 3.5.0-0.29.el6evrhevm-setup-plugin-websocket-proxy-3.5.0-0.29.el6ev.noarch.rpm
RedHat6noarchrhevm-setup-base< 3.5.0-0.29.el6evrhevm-setup-base-3.5.0-0.29.el6ev.noarch.rpm
RedHat6noarchrhevm-tools< 3.5.0-0.29.el6evrhevm-tools-3.5.0-0.29.el6ev.noarch.rpm
RedHat6noarchrhevm-setup-plugin-ovirt-engine< 3.5.0-0.29.el6evrhevm-setup-plugin-ovirt-engine-3.5.0-0.29.el6ev.noarch.rpm
RedHat6noarchrhevm< 3.5.0-0.29.el6evrhevm-3.5.0-0.29.el6ev.noarch.rpm
RedHat6noarchrhevm-userportal< 3.5.0-0.29.el6evrhevm-userportal-3.5.0-0.29.el6ev.noarch.rpm
RedHat6noarchrhevm-extensions-api-impl-javadoc< 3.5.0-0.29.el6evrhevm-extensions-api-impl-javadoc-3.5.0-0.29.el6ev.noarch.rpm
RedHat6noarchrhevm-websocket-proxy< 3.5.0-0.29.el6evrhevm-websocket-proxy-3.5.0-0.29.el6ev.noarch.rpm
Rows per page:
1-10 of 181

Related

nessus 29
ibm 44
freebsd 2
redhat 16
fedora 4
openvas 26
securityvulns 5
mageia 3
f5 6
amazon 1
debian 1
ubuntucve 4
osv 9
ubuntu 1
cvelist 7
cve 7
prion 7
seebug 1
nvd 7
veracode 2
oraclelinux 2
centos 2
debiancve 2
github 5
redhatcve 2
suse 2
atlassian 2
nessus
nessus
RHEL 6 : Virtualization Manager (RHSA-2015:0158)
2015-09-01 00:00:00
RHEL 5 / 6 : JBoss EAP (RHSA-2014:1834)
2014-11-12 00:00:00
RHEL 5 / 6 : JBoss EWP (RHSA-2014:1833)
2014-11-12 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM InfoSphere Information Server (CVE-2012-6153 CVE-2014-3577)
2018-06-16 13:40:12
Security Bulletin: Public disclosed vulnerabilities from Apache HttpComponents affects IBM Spectrum LSF
2019-03-01 14:10:02
Security Bulletin: Apache HTTPComponents vulnerabilities in WebSphere Application Server (CVE-2012-6153, CVE-2014-3577)
2018-06-15 07:03:46
freebsd
freebsd
Axis2 -- Security vulnerabilities on dependency Apache HttpClient
2012-12-06 00:00:00
jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library
2021-10-06 00:00:00
redhat
redhat
(RHSA-2014:1834) Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update
2014-11-10 00:00:00
(RHSA-2014:1892) Important: Red Hat JBoss BPM Suite 6.0.3 update
2014-11-24 20:44:18
(RHSA-2016:1931) Important: Red Hat JBoss Fuse/A-MQ 6.2.1 security and bug fix update
2016-09-23 20:29:27
fedora
fedora
[SECURITY] Fedora 20 Update: httpcomponents-client-4.2.5-4.fc20
2014-08-30 03:58:27
[SECURITY] Fedora 19 Update: httpcomponents-client-4.2.5-4.fc19
2014-08-30 03:57:30
[SECURITY] Fedora 19 Update: jakarta-commons-httpclient-3.1-15.fc19
2014-08-27 01:28:57
openvas
openvas
CentOS Update for jakarta-commons-httpclient CESA-2014:1166 centos6
2014-09-09 00:00:00
Fedora Update for httpcomponents-client FEDORA-2014-9629
2014-08-31 00:00:00
RedHat Update for httpcomponents-client RHSA-2014:1146-01
2014-09-04 00:00:00
securityvulns
securityvulns
CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack
2014-08-18 00:00:00
[USN-2769-1] Apache Commons HttpClient
2015-10-25 00:00:00
[ MDVSA-2014:170 ] jakarta-commons-httpclient
2014-10-15 00:00:00
mageia
mageia
Updated Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities
2014-08-25 12:44:11
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability
2014-08-25 12:44:11
Updated cxf packages fix security vulnerabilities
2014-12-31 15:28:04
f5
f5
SOL15364328 - Apache vulnerabilities CVE-2012-5783, CVE-2012-6153, and CVE-2014-3577
2016-02-02 00:00:00
K15737 : Apache vulnerability CVE-2014-3577
2014-10-23 00:00:00
SOL15737 - Apache vulnerability CVE-2014-3577
2014-10-23 00:00:00
amazon
amazon
Important: jakarta-commons-httpclient
2014-09-17 21:47:00
debian
debian
[SECURITY] [DLA 222-1] commons-httpclient security update
2015-05-19 15:18:39
ubuntucve
ubuntucve
CVE-2012-5783
2012-11-04 00:00:00
CVE-2014-3577
2014-08-21 00:00:00
CVE-2012-6153
2014-09-04 00:00:00
osv
osv
commons-httpclient - security update
2015-05-19 00:00:00
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
2018-10-17 00:05:06
Improper Certificate Validation in Jenkins
2022-05-14 01:04:35
ubuntu
ubuntu
Apache Commons HttpClient vulnerabilities
2015-10-14 00:00:00
cvelist
cvelist
CVE-2014-0151
2015-02-13 15:00:00
CVE-2014-3577
2014-08-21 00:00:00
CVE-2014-0154
2015-02-13 15:00:00
cve
cve
CVE-2014-0151
2015-02-13 15:59:01
CVE-2014-3577
2014-08-21 14:55:05
CVE-2014-0154
2015-02-13 15:59:03
prion
prion
Design/Logic Flaw
2014-08-21 14:55:00
Cross site request forgery (csrf)
2015-02-13 15:59:00
Design/Logic Flaw
2015-02-13 15:59:00
seebug
seebug
oVirt会话固定漏洞
2014-04-03 00:00:00
nvd
nvd
CVE-2014-0151
2015-02-13 15:59:01
CVE-2014-3577
2014-08-21 14:55:05
CVE-2014-0154
2015-02-13 15:59:03
veracode
veracode
Improper Certificate Common Name Verification Allows Spoofing SSL Servers
2019-01-15 09:00:42
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 08:59:46
oraclelinux
oraclelinux
httpcomponents-client security update
2014-09-03 00:00:00
jakarta-commons-httpclient security update
2014-09-08 00:00:00
centos
centos
httpcomponents security update
2014-09-03 23:09:02
jakarta security update
2014-09-08 16:54:16
debiancve
debiancve
CVE-2014-3577
2014-08-21 14:55:05
CVE-2012-6153
2014-09-04 17:55:04
github
github
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
2018-10-17 00:05:06
Improper Certificate Validation in Jenkins
2022-05-14 01:04:35
MitM on Jenkins Maven Plugin
2022-05-14 03:45:43
redhatcve
redhatcve
CVE-2017-1000396
2017-11-21 11:21:17
CVE-2017-1000402
2017-11-21 11:23:42
suse
suse
Security update for apache-commons-httpclient (important)
2020-11-08 00:00:00
Security update for apache-commons-httpclient (important)
2020-11-07 00:00:00
atlassian
atlassian
Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support
2015-05-12 07:34:43
Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support
2015-05-12 07:34:43

EPSS

0.004

Percentile

73.3%

JSON
Related for RHSA-2015:0158
nessus29ibm44freebsd2redhat16fedora4openvas26securityvulns5mageia3f56amazon1debian1ubuntucve4osv9ubuntu1cvelist7cve7prion7seebug1nvd7veracode2oraclelinux2centos2debiancve2github5redhatcve2suse2atlassian2