Debian DLA-322-1 : commons-httpclient security update

Trevin Beattie 1 discovered an issue where one could observe hanging threads in a multi-threaded Java application. After debugging the issue, it became evident that the hanging threads were caused by the SSL initialization code in commons-httpclient. This upload fixes this issue by respecting the...

Fedora 21 : jakarta-commons-httpclient-3.1-20.fc21 (2015-15588)

This update fixes CVE-2015-5262 denial of service security vulnerability by respectinc configured SOTIMEOUT parameter during SSL handshake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

Fedora Update for jakarta-commons-httpclient FEDORA-2015-15588

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for jakarta-commons-httpclient FEDORA-2015-15589

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 22 Update: jakarta-commons-httpclient-3.1-23.fc22

The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...

[SECURITY] [DLA 322-1] commons-httpclient security update

Package : commons-httpclient Version : 3.1-9+deb6u2 CVE ID : CVE-2015-5262 Trevin Beattie 1 discovered an issue where one could observe hanging threads in a multi-threaded Java application. After debugging the issue, it became evident that the hanging threads were caused by the SSL initialization...

Amazon Linux: Security Advisory (ALAS-2014-410)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2013-169)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UPnP IGD SOAP Port Mapping Utility

Manage port mappings on UPnP IGD-capable device using the AddPortMapping and DeletePortMapping SOAP requests This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'UPnP IGD SOAP Por...

CVE-2013-7398

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client aka AHC or async-http-client before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate...

Ruby on Rails 4.0.x/4.1.x/4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails Web Console v2 Whitelist Bypass Code Execution', 'Description' = %q This module exploits an IP whitelist bypass...

D-Link Devices - HNAP SOAPAction-Header Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link Devices HNAP SOAPAction-Header Command Execution', 'Description' = %q Different D-Link Routers are vulnerable to OS command...

D-Link Devices HNAP SOAPAction-Header Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link Devices HNAP SOAPAction-Header Command Execution', 'Description' = %q Different D-Link Routers are vulnerable to OS command...

[SECURITY] [DLA 222-1] commons-httpclient security update

Package : commons-httpclient Version : 3.1-9+deb6u1 CVE ID : CVE-2012-5783 CVE-2012-6153 CVE-2014-3577 CVE-2012-5783 and CVE-2012-6153 Apache Commons HttpClient 3.1 did not verify that the server hostname matches a domain name in the subjects Common Name CN or subjectAltName field of the X.509...

DLA-222-1 commons-httpclient - security update

Bulletin has no description...

Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support

Upgrade commons-httpclient to version 3.1-atlassian-2 to gain SNI support and to fix CVE-2012-5783 & CVE-2014-3577...

Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support

Upgrade commons-httpclient to version 3.1-atlassian-2 to gain SNI support and to fix CVE-2012-5783 & CVE-2014-3577...

IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF15 Multiple Vulnerabilities

The version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF15. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in 'Apache Commons HttpClient' that allows a man-in-the-middle attacker to spoof SSL servers via a certificate with a subject...

Updated ruby-httpclient package enables SSL negotiation

This new version enables SSL negotiation instead of hardcoding SSLv3...

MGASA-2014-0489 Updated ruby-httpclient package enables SSL negotiation

This new version enables SSL negotiation instead of hardcoding SSLv3...