Amazon Linux: Security Advisory (ALAS-2013-169)
The remote host is missing an update for the...
[SECURITY] [DLA 222-1] commons-httpclient security update
Package : commons-httpclient Version : 3.1-9+deb6u1 CVE ID : CVE-2012-5783 CVE-2012-6153 CVE-2014-3577 CVE-2012-5783 and CVE-2012-6153 Apache Commons HttpClient 3.1 did not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509...
DLA-222-1 commons-httpclient - security update
Bulletin has no description...
Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support
Upgrade commons-httpclient to version 3.1-atlassian-2 to gain SNI support and to fix CVE-2012-5783 & CVE-2014-3577...
IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF15 Multiple Vulnerabilities
The version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF15. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in 'Apache Commons HttpClient' that allows a man-in-the-middle attacker to spoof SSL servers via a certificate with a subject...
serf / Apache httpcomponents HttpClient / Jakarta Commons HttpClient SSL validation bypass
Invalid parsing of certificates with NUL character in CN...
[ MDVSA-2014:170 ] jakarta-commons-httpclient
Mandriva Linux Security Advisory MDVSA-2014:170 http://www.mandriva.com/en/support/security/ Package : jakarta-commons-httpclient Date : September 2, 2014 Affected: Business Server 1.0 Problem Description: Updated jakarta-commons-httpclient and...
Amazon Linux AMI : jakarta-commons-httpclient (ALAS-2014-410)
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...
Important: jakarta-commons-httpclient
Issue Overview: Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
Mandriva Linux Security Advisory : jakarta-commons-httpclient (MDVSA-2014:170)
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability : The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS wh...
CentOS Update for jakarta-commons-httpclient CESA-2014:1166 centos7
The remote host is missing an update for the...
RedHat Update for jakarta-commons-httpclient RHSA-2014:1166-01
The remote host is missing an update for the...
RHEL 5 / 6 / 7 : jakarta-commons-httpclient (RHSA-2014:1166)
Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
CentOS Update for jakarta-commons-httpclient CESA-2014:1166 centos5
The remote host is missing an update for the...
Oracle Linux 5 / 6 / 7 : jakarta-commons-httpclient (ELSA-2014-1166)
The remote Oracle Linux 5 / 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-1166 advisory. 1:3.1-16 - Fix MITM security vulnerability - Resolves: CVE-2014-3577 Tenable has extracted the preceding description block directly from the Oracle Linu...
CentOS Update for jakarta-commons-httpclient CESA-2014:1166 centos6
The remote host is missing an update for the...
jakarta security update
CentOS Errata and Security Advisory CESA-2014:1166 Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring...
CVE-2012-6153
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...