CVE-2013-0248
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...
PT-2013-2187 · Apache +1 · Apache Commons Fileupload +1
Name of the Vulnerable Software and Affected Versions: Apache Commons FileUpload versions 1.0 through 1.2.2 Description: The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload uses the /tmp directory for uploaded files, which allows local users to overwrite...
Medium: jakarta-commons-httpclient
Issue Overview: The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate th...
Apache Commons FileUpload Insecure Temporary File Creation Vulnerability (CVE-2013-0248)
BUGTRAQ ID: 58326 CVE(CAN) ID: CVE-2013-0248 The Apache Commons FileUpload package adds high-performance file upload functionality to servlets and web applications. Apache Commons FileUpload v1.0 - 1.2.2 temporarily stores uploaded files on disk during the upload process, by default in the system tmp directory. Because the temporary files have predictable names and are stored in a publicly writable location, they are susceptible to a TOCTOU attack. A successful attack requires the attacker to have write access to the tmp directory. Setting the storage location to a directory that is not publicly writable prevents this attack. Apache Group Commons...
commons-configuration
RedHat Update for jakarta-commons-httpclient RHSA-2013:0270-01
Check for the Version of jakarta-commons-httpclient OpenVAS Vulnerability Test RedHat Update for jakarta-commons-httpclient RHSA-2013:0270-01 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
CentOS Update for jakarta-commons-httpclient CESA-2013:0270 centos5
Check for the Version of jakarta-commons-httpclient OpenVAS Vulnerability Test CentOS Update for jakarta-commons-httpclient CESA-2013:0270 centos5 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
RedHat Update for jakarta-commons-httpclient RHSA-2013:0270-01
The remote host is missing an update. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) script_xref(name:"URL", ...
CentOS Update for jakarta-commons-httpclient CESA-2013:0270 centos5
The remote host is missing an update. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) script_xref(name:"URL", ...
Scientific Linux Security Update : jakarta-commons-httpclient on SL5.x, SL6.x i386/x86_64 (20130219)
The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid fo...
jakarta security update
CentOS Errata and Security Advisory CESA-2013:0270 Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability...
CentOS 5 : jakarta-commons-httpclient (CESA-2013:0270)
Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...
RHEL 5 / 6 : jakarta-commons-httpclient (RHSA-2013:0270)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0270 advisory. The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications such as web browsers and web service clients. The...
Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update
Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...
jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name
It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
jakarta-commons-httpclient security update
1:3.1-0.7 - Add missing connection hostname check against X.509 certificate name - Resolves: CVE-2012-5783...
Fedora Update for jakarta-commons-httpclient FEDORA-2013-1189
Check for the Version of jakarta-commons-httpclient OpenVAS Vulnerability Test Fedora Update for jakarta-commons-httpclient FEDORA-2013-1189 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Fedora Update for jakarta-commons-httpclient FEDORA-2013-1203
Check for the Version of jakarta-commons-httpclient OpenVAS Vulnerability Test Fedora Update for jakarta-commons-httpclient FEDORA-2013-1203 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Fedora 18 : jakarta-commons-httpclient-3.1-12.fc18 (2013-1203)
This update fixes a security vulnerability that caused jakarta-commons-httpclient not to verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via...
Fedora 16 : jakarta-commons-httpclient-3.1-12.fc16 (2013-1289)
This update fixes a security vulnerability that caused jakarta-commons-httpclient not to verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allowed man-in-the-middle attackers to spoof SSL servers via...