Lucene search

191 matches found

CVE
added 2018/01/26 2:0 a.m. | 86 views

CVE-2017-1000402

Summary (supported by provided documents): Jenkins Swarm Plugin Client 3.4 and earlier bundled Apache Commons HttpClient with the vulnerability CVE-2012-6153, which causes improper verification of the server SSL certificate hostname. This leads to susceptibility to man‑in‑the‑middle attacks. The ...

CVSS 5.9 | AI score 5.9 | EPSS 0.00033
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2018/01/26 2:0 a.m. | 108 views

CVE-2017-1000396

CVE-2017-1000396 affects Jenkins 2.73.1 and earlier (up to 2.83) via a bundled commons-httpclient where CVE-2012-6153 allowed MITM due to improper SSL hostname verification. The vulnerability is conveyed through transitive dependencies in plugins. The fix for CVE-2012-6153 was backported to the c...

CVSS 5.9 | AI score 5.9 | EPSS 0.0004
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2018/01/26 2:0 a.m. | 69 views

CVE-2017-1000397

CVE-2017-1000397 affects Jenkins Maven Plugin versions up to 2.17, which bundled Commons HttpClient that is vulnerable to CVE-2012-6153 due to improper SSL certificate verification, enabling MITM attacks. The issue is tied to the plugin’s transitive dependency on Commons HttpClient; Maven Plugin ...

CVSS 5.9 | AI score 5.9 | EPSS 0.00033
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2017/11/21 11:21 a.m. | 26 views

CVE-2017-1000396

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins...

CVSS 5.9 | AI score 2.8 | EPSS 0.01248
Exploits: 0 | References: 2
RedHat Linux
added 2017/04/03 9:2 p.m. | 3 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

CVSS 5.8 | AI score 7.4 | EPSS 0.00616
Exploits: 0 | References: 4
RedHat Linux
added 2017/04/03 9:2 p.m. | 87 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update

An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 9.8 | AI score 7.6 | EPSS 0.92326
Exploits: 21 | References: 12
Tenable Nessus
added 2015/10/15 12:0 a.m. | 35 views

Ubuntu 14.04 LTS : Apache Commons HttpClient vulnerabilities (USN-2769-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2769-1 advisory. It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker coul...

CVSS 5.8 | AI score 6.4 | EPSS 0.01368
Exploits: 1 | References: 5
OpenVAS
added 2015/10/15 12:0 a.m. | 34 views

Ubuntu: Security Advisory (USN-2769-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.8 | AI score 7 | EPSS 0.01368
Exploits: 1 | References: 2
Ubuntu
added 2015/10/14 3:43 p.m. | 344 views

USN-2769-1: Apache Commons HttpClient vulnerabilities

It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. This issue only affect...

CVSS 5.8 | AI score 6.5 | EPSS 0.01368
Exploits: 1
OpenVAS
added 2015/10/06 12:0 a.m. | 35 views

Oracle: Security Advisory (ELSA-2014-1166)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.8 | AI score 7.1 | EPSS 0.01368
Exploits: 1 | References: 2
OpenVAS
added 2015/10/06 12:0 a.m. | 25 views

Oracle: Security Advisory (ELSA-2013-0270)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.8 | AI score 7.5 | EPSS 0.00616
Exploits: 0 | References: 2
Tenable Nessus
added 2015/10/02 12:0 a.m. | 39 views

Fedora 22 : jakarta-commons-httpclient-3.1-23.fc22 (2015-15589)

This update fixes CVE-2015-5262 denial of service security vulnerability by respecting configured SOTIMEOUT parameter during SSL handshake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

CVSS 4.3 | AI score 6.1 | EPSS 0.01199
Exploits: 0 | References: 3
Tenable Nessus
added 2015/10/02 12:0 a.m. | 39 views

Fedora 23 : jakarta-commons-httpclient-3.1-23.fc23 (2015-15590)

This update fixes CVE-2015-5262 denial of service security vulnerability by respecting configured SOTIMEOUT parameter during SSL handshake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

CVSS 4.3 | AI score 6.1 | EPSS 0.01199
Exploits: 0 | References: 3
Tenable Nessus
added 2015/10/02 12:0 a.m. | 43 views

Debian DLA-322-1 : commons-httpclient security update

Trevin Beattie 1 discovered an issue where one could observe hanging threads in a multi-threaded Java application. After debugging the issue, it became evident that the hanging threads were caused by the SSL initialization code in commons-httpclient. This upload fixes this issue by respecting the...

CVSS 4.3 | AI score 6.2 | EPSS 0.01199
Exploits: 0 | References: 4
Tenable Nessus
added 2015/10/02 12:0 a.m. | 27 views

Fedora 21 : jakarta-commons-httpclient-3.1-20.fc21 (2015-15588)

This update fixes CVE-2015-5262 denial of service security vulnerability by respecting configured SOTIMEOUT parameter during SSL handshake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

CVSS 4.3 | AI score 6.1 | EPSS 0.01199
Exploits: 0 | References: 3
OpenVAS
added 2015/10/02 12:0 a.m. | 25 views

Fedora Update for jakarta-commons-httpclient FEDORA-2015-15588

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 | AI score 5.8 | EPSS 0.01199
Exploits: 0 | References: 2
OpenVAS
added 2015/10/02 12:0 a.m. | 42 views

Fedora Update for jakarta-commons-httpclient FEDORA-2015-15589

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 | AI score 5.8 | EPSS 0.01199
Exploits: 0 | References: 2
Fedora
added 2015/10/01 6:59 p.m. | 22 views

[SECURITY] Fedora 22 Update: jakarta-commons-httpclient-3.1-23.fc22

The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...

CVSS 4.3 | AI score 1 | EPSS 0.01199
Exploits: 0
Debian
added 2015/10/01 8:24 a.m. | 55 views

[SECURITY] [DLA 322-1] commons-httpclient security update

Package : commons-httpclient Version : 3.1-9+deb6u2 CVE ID : CVE-2015-5262 Trevin Beattie 1 discovered an issue where one could observe hanging threads in a multi-threaded Java application. After debugging the issue, it became evident that the hanging threads were caused by the SSL initialization...

CVSS 4.3 | AI score 6.6 | EPSS 0.01199
Exploits: 0
OpenVAS
added 2015/09/08 12:0 a.m. | 28 views

Amazon Linux: Security Advisory (ALAS-2014-410)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.8 | AI score 7 | EPSS 0.01368
Exploits: 1 | References: 2