CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

83 matches found

Tenable Nessus•added 2015/10/15 12:0 a.m.•35 views

Ubuntu 14.04 LTS : Apache Commons HttpClient vulnerabilities (USN-2769-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2769-1 advisory. It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker coul...

5.8CVSS6.4AI score0.19312EPSS

Exploits1References5

OpenVAS•added 2015/10/15 12:0 a.m.•34 views

Ubuntu: Security Advisory (USN-2769-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS7AI score0.19312EPSS

Exploits1References2

Ubuntu•added 2015/10/14 3:43 p.m.•348 views

USN-2769-1: Apache Commons HttpClient vulnerabilities

It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. This issue only affect...

5.8CVSS6.5AI score0.19312EPSS

Exploits1

OSV•added 2015/05/16 12:0 a.m.•32 views

DLA-222-1 commons-httpclient - security update

Bulletin has no description...

5.8CVSS6.6AI score0.09254EPSS

Exploits1

Tenable Nessus•added 2015/04/17 12:0 a.m.•46 views

IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF15 Multiple Vulnerabilities

The version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF15. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in 'Apache Commons HttpClient' that allows a man-in-the-middle attacker to spoof SSL servers via a certificate with a subject...

6.5CVSS6.5AI score0.09149EPSS

Exploits1References10

Amazon•added 2014/09/17 12:0 a.m.•56 views

Important: jakarta-commons-httpclient

Issue Overview: Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS7.1AI score0.09254EPSS

Exploits1

NVD•added 2014/09/04 5:55 p.m.•23 views

CVE-2012-6153

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

4.3CVSS5.8AI score0.05796EPSS

Exploits0References21

OSV•added 2014/09/04 5:55 p.m.•7 views

CVE-2012-6153

6AI score

Exploits0References22

OSV•added 2014/09/04 5:55 p.m.•2 views

DEBIAN-CVE-2012-6153

4.3CVSS6.3AI score0.05796EPSS

Exploits0References1

Prion•added 2014/09/04 5:55 p.m.•27 views

Design/Logic Flaw

4.3CVSS7.4AI score0.09254EPSS

Exploits0References21Affected Software1

Cvelist•added 2014/09/04 5:0 p.m.•29 views

CVE-2012-6153

5.9AI score0.05796EPSS

Exploits0References21

CVE•added 2014/09/04 5:0 p.m.•220 views

CVE-2012-6153

Apache Commons HttpClient before 4.2.3 fails to verify that the server hostname matches the domain name in the certificate’s CN/subjectAltName (AbstractVerifier.java), enabling MITM SSL spoofing. This is a follow-on to an incomplete fix for CVE-2012-5783; the issue has affected various Java deplo...

4.3CVSS5.9AI score0.05796EPSS

Exploits0References21Affected Software1

Debian CVE•added 2014/09/04 5:0 p.m.•44 views

CVE-2012-6153

4.3CVSS6.6AI score0.05796EPSS

Exploits0

UbuntuCve•added 2014/09/04 12:0 a.m.•38 views

CVE-2012-6153

4.3CVSS6.5AI score0.05796EPSS

Exploits0References2

RedHat Linux•added 2013/12/17 6:30 p.m.•1 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS7.2AI score0.09254EPSS

Exploits0References4

RedHat Linux•added 2013/08/08 5:4 p.m.•3 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

5.8CVSS7.2AI score0.09254EPSS

Exploits0References4

RedHat Linux•added 2013/03/25 5:4 p.m.•2 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

5.8CVSS7.2AI score0.09254EPSS

Exploits0References4

NVD•added 2012/11/04 10:55 p.m.•21 views

CVE-2012-5783

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

5.8CVSS6.3AI score0.09254EPSS

Exploits0References18

OSV•added 2012/11/04 10:55 p.m.•3 views

DEBIAN-CVE-2012-5783

5.8CVSS9.1AI score0.09254EPSS

Exploits0References1

Cvelist•added 2012/11/04 10:0 p.m.•24 views

CVE-2012-5783

6.7AI score0.09254EPSS

Exploits0References18

Rows per page