4458 matches found
Oracle Linux 5 : Important: / tomcat (ELSA-2007-0327)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0327 advisory. jakarta-commons-modeler-1.1-8jpp.1.0.2.el5 1.1-8jpp.1.0.2.el5 - rebuild after the fix for bug 238139 made it into the build root - Resolves: bug 238694...
MGASA-2013-0199 Updated jakarta-commons-httpclient package fixes security vulnerability
The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for...
Updated jakarta-commons-httpclient package fixes security vulnerability
The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for...
Important: Red Hat Security Advisory: Red Hat JBoss BRMS 5.3.1 update
Red Hat JBoss BRMS 5.3.1 roll up patch 2, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores,...
Fedora 18 : tomcat-7.0.40-1.fc18 (2013-7993)
Updated to 7.0.40 - Resolves: rhbz 956569 added missing commons-pool link Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fixed in Apache Tomcat 7.0.40
Moderate: Information disclosure CVE-2013-2071 Bug 54178 described a scenario where elements of a previous request may be exposed to a current request. This was very difficult to exploit deliberately but fairly likely to happen unexpectedly if an application used AsyncListeners that threw...
Moderate: Red Hat Security Advisory: JBoss Web Framework Kit 2.2.0 update
JBoss Web Framework Kit 2.2.0, which fixes two security issues, various bugs, and adds enhancements is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
SA-CONTRIB-2013-039 - Commons Wikis - Access bypass & Privilege escalation
The Drupal Commons distribution is a tool for building social, group-based collaboration communities. The Commons Wikis module is used by the distribution to provide specific wiki functionality. Versions 3.0 and earlier of the Commons Wikis module is vulnerable to an access bypass and privilege...
SA-CONTRIB-2013-038 - Commons Groups - Access bypass & Privilege escalation
The Drupal Commons distribution is a tool for building social, group-based collaboration communities. The Commons Groups module is used by the distribution to provide specific Organic Groups customizations. Versions 3.0 and earlier of the Commons Groups module is vulnerable to an access bypass an...
Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update
An updated jakarta-commons-httpclient package for JBoss Enterprise Web Platform 5.2.0 which fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scori...
jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name
It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update
An updated jakarta-commons-httpclient package for JBoss Enterprise Application Platform 5.2.0 which fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerabili...
jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name
It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update
An update for JBoss Enterprise Web Platform 5.2.0 which fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update
An update for JBoss Enterprise Application Platform 5.2.0 which fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which giv...
CVE-2013-0248
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...
CVE-2013-0248
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...
Default configuration
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...
CVE-2013-0248
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...
CVE-2013-0248
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...