4458 matches found

Tenable Nessus
added 2013/07/12 12:0 a.m. | 41 views

Oracle Linux 5 : Important: / tomcat (ELSA-2007-0327)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0327 advisory. jakarta-commons-modeler-1.1-8jpp.1.0.2.el5 1.1-8jpp.1.0.2.el5 - rebuild after the fix for bug 238139 made it into the build root - Resolves: bug 238694...

CVSS 5 | AI score 5.5 | EPSS 0.90768
Exploits 5 | References 5
OSV
added 2013/07/06 2:11 p.m. | 5 views

MGASA-2013-0199 Updated jakarta-commons-httpclient package fixes security vulnerability

The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for...

CVSS 5.8 | AI score 9.1 | EPSS 0.09254
Exploits 0 | References 3
Mageia
added 2013/07/06 2:11 p.m. | 41 views

Updated jakarta-commons-httpclient package fixes security vulnerability

The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for...

CVSS 5.8 | AI score 1.8 | EPSS 0.09254
Exploits 0 | References 2
RedHat Linux
added 2013/07/01 3:10 p.m. | 40 views

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 5.3.1 update

Red Hat JBoss BRMS 5.3.1 roll up patch 2, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores,...

CVSS 6.4 | AI score 6.6 | EPSS 0.12098
Exploits 2 | References 5
Tenable Nessus
added 2013/05/22 12:0 a.m. | 35 views

Fedora 18 : tomcat-7.0.40-1.fc18 (2013-7993)

Updated to 7.0.40 - Resolves: rhbz 956569 added missing commons-pool link Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

CVSS 2.6 | AI score 5.3 | EPSS 0.06501
Exploits 2 | References 5
Apache Tomcat
added 2013/05/09 12:0 a.m. | 37 views

Fixed in Apache Tomcat 7.0.40

Moderate: Information disclosure CVE-2013-2071 Bug 54178 described a scenario where elements of a previous request may be exposed to a current request. This was very difficult to exploit deliberately but fairly likely to happen unexpectedly if an application used AsyncListeners that threw...

CVSS 6.8 | AI score 8.8 | EPSS 0.1399
Exploits 2 | Affected Software 1
RedHat Linux
added 2013/04/22 9:17 p.m. | 10 views

Moderate: Red Hat Security Advisory: JBoss Web Framework Kit 2.2.0 update

JBoss Web Framework Kit 2.2.0, which fixes two security issues, various bugs, and adds enhancements is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

CVSS 5.8 | AI score 6.5 | EPSS 0.3038
Exploits 2 | References 5
Drupal
added 2013/03/27 12:0 a.m. | 22 views

SA-CONTRIB-2013-039 - Commons Wikis - Access bypass & Privilege escalation

The Drupal Commons distribution is a tool for building social, group-based collaboration communities. The Commons Wikis module is used by the distribution to provide specific wiki functionality. Versions 3.0 and earlier of the Commons Wikis module are vulnerable to an access bypass and privilege...

CVSS 5 | AI score 6.7 | EPSS 0.02558
Exploits 0 | References 13
Drupal
added 2013/03/27 12:0 a.m. | 20 views

SA-CONTRIB-2013-038 - Commons Groups - Access bypass & Privilege escalation

The Drupal Commons distribution is a tool for building social, group-based collaboration communities. The Commons Groups module is used by the distribution to provide specific Organic Groups customizations. Versions 3.0 and earlier of the Commons Groups module are vulnerable to an access bypass an...

CVSS 5 | AI score 6.7 | EPSS 0.02908
Exploits 0 | References 13
RedHat Linux
added 2013/03/25 5:5 p.m. | 41 views

Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update

An updated jakarta-commons-httpclient package for JBoss Enterprise Web Platform 5.2.0 which fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scori...

CVSS 5.8 | AI score 6.6 | EPSS 0.09254
Exploits 0 | References 2
RedHat Linux
added 2013/03/25 5:5 p.m. | 2 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

CVSS 5.8 | AI score 7.2 | EPSS 0.09254
Exploits 0 | References 4
RedHat Linux
added 2013/03/25 5:4 p.m. | 47 views

Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update

An updated jakarta-commons-httpclient package for JBoss Enterprise Application Platform 5.2.0 which fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerabili...

CVSS 5.8 | AI score 6.6 | EPSS 0.09254
Exploits 0 | References 2
RedHat Linux
added 2013/03/25 5:4 p.m. | 2 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

CVSS 5.8 | AI score 7.2 | EPSS 0.09254
Exploits 0 | References 4
RedHat Linux
added 2013/03/25 5:4 p.m. | 6 views

Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update

An update for JBoss Enterprise Web Platform 5.2.0 which fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 5.8 | AI score 6.6 | EPSS 0.09254
Exploits 0 | References 3
RedHat Linux
added 2013/03/25 5:3 p.m. | 38 views

Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update

An update for JBoss Enterprise Application Platform 5.2.0 which fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which giv...

CVSS 5.8 | AI score 6.6 | EPSS 0.09254
Exploits 0 | References 3
NVD
added 2013/03/15 8:55 p.m. | 22 views

CVE-2013-0248

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

CVSS 3.3 | AI score 7.5 | EPSS 0.0068
Exploits 1 | References 6
OSV
added 2013/03/15 8:55 p.m. | 5 views

CVE-2013-0248

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

AI score 6.2
Exploits 0 | References 6
Prion
added 2013/03/15 8:55 p.m. | 21 views

Default configuration

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

CVSS 3.3 | AI score 6.7 | EPSS 0.0068
Exploits 1 | References 6 | Affected Software 1
UbuntuCve
added 2013/03/15 8:55 p.m. | 28 views

CVE-2013-0248

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

CVSS 3.3 | AI score 7.2 | EPSS 0.0068
Exploits 1 | References 2
Debian CVE
added 2013/03/15 1:0 a.m. | 30 views

CVE-2013-0248

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

CVSS 3.3 | AI score 8.4 | EPSS 0.0068
Exploits 1