907 matches found

Tenable Nessus
added 2014/08/27 12:0 a.m., 35 views

Fedora 20 : jakarta-commons-httpclient-3.1-15.fc20 (2014-9581)

Security fix for CVE-2014-3577, CVE-2012-6153 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

5.8 CVSS, 6.2 AI score, 0.01368 EPSS
Exploits 1, References 6
OpenVAS
added 2014/08/27 12:0 a.m., 35 views

Fedora Update for jakarta-commons-httpclient FEDORA-2014-9581

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1 AI score
Exploits 0, References 2
OpenVAS
added 2014/08/27 12:0 a.m., 33 views

Fedora Update for jakarta-commons-httpclient FEDORA-2014-9539

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1 AI score
Exploits 0, References 2
OSV
added 2014/08/25 8:44 a.m., 4 views

MGASA-2014-0348 Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities: The Jakarta Commons HttpClient component may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side...

5.8 CVSS, 6.3 AI score, 0.01368 EPSS
Exploits 1, References 4
OSV
added 2014/08/25 8:44 a.m., 6 views

MGASA-2014-0347 Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS whe...

5.8 CVSS, 6 AI score, 0.01368 EPSS
Exploits 1, References 4
Mageia
added 2014/08/25 8:44 a.m., 100 views

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS whe...

4.3 CVSS, 2 AI score, 0.01248 EPSS
Exploits 0, References 3
NVD
added 2014/08/21 2:55 p.m., 18 views

CVE-2014-3577

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8 CVSS, 6.2 AI score, 0.01368 EPSS
Exploits 1, References 47
Prion
added 2014/08/21 2:55 p.m., 32 views

Design/Logic Flaw

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8 CVSS, 6.7 AI score, 0.01368 EPSS
Exploits 1, References 47, Affected Software 2
OSV
added 2014/08/21 12:0 a.m., 0 views

UBUNTU-CVE-2014-3577

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8 CVSS, 6.7 AI score, 0.01368 EPSS
Exploits 1, References 3
Cvelist
added 2014/08/21 12:0 a.m., 19 views

CVE-2014-3577

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

6.3 AI score, 0.01368 EPSS
Exploits 1, References 47
CVE
added 2014/08/21 12:0 a.m., 309 views

CVE-2014-3577

CVE-2014-3577 (Apache HttpComponents). The vulnerability affects Apache HttpClient prior to 4.3.5 and HttpAsyncClient prior to 4.0.2 where hostname verification against the certificate’s CN or subjectAltName can fail due to an incomplete/incorrect check, enabling man-in-the-middle attackers to s...

5.8 CVSS, 6.5 AI score, 0.01368 EPSS
Exploits 1, References 47, Affected Software 1
Packet Storm
added 2014/08/20 12:0 a.m., 24 views

HybridAuth install.php PHP Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HybridAuth install.php PHP Code Execution', 'Description' = %q This module exploits a PHP code execution vulnerability in HybridAuth...

0.2 AI score
Exploits 0
securityvulns
added 2014/08/18 12:0 a.m., 50 views

Apache HttpClient certificate checking bypass

Validation bypass via malcrafted constructions like O="foo,CN=www.apache.org”...

5.8 CVSS, 1.8 AI score, 0.01368 EPSS
Exploits 1, References 1, Affected Software 1
0day.today
added 2014/08/14 12:0 a.m., 27 views

VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution

VMTurbo Operations Manager 4.6 and prior are vulnerable to unauthenticated OS Command injection in the web interface. Use reverse payloads for the most reliable results. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic...

7.5 CVSS, 7.2 AI score, 0.88269 EPSS
Exploits 6
Exploit DB
added 2014/08/14 12:0 a.m., 27 views

VMTurbo Operations Manager 4.6 - 'vmtadmin.cgi' Remote Command Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution', 'Description' = %q VMTurbo Operations Manager 4.6 and prior ar...

7.5 CVSS, 7.4 AI score, 0.88269 EPSS
Exploits 6
Atlassian
added 2014/07/17 11:20 p.m., 40 views

Specify logging level to Prevent Root DEBUG from Exposing Login

h3. Summary Setting root level DEBUG can expose login information username/pw when JIRA is connected to Crowd for user management, as it outputs the REST POST contents that are transmitted through the HttpClient. h3. Environment Crowd integrated with JIRA for user management. h3. Steps to Reprodu...

0.1 AI score
Exploits 0, Affected Software 1
myhack58
added 2014/07/09 12:0 a.m., 30 views

Netgear WNR1000v3 - Password Recovery Credential Disclosure Vulnerability

Current source: https://github.com/rapid7/metasploit-framework the Exploit Title: Netgear WNR1000v3 Password Recovery Credential Disclosure Vulnerability Date: 7-5-14 Exploit Author: c1ph04 Version: 1.0 Tested on: Netgear WNR1000v3 Router Version: 'Netgear WNR1000v3 Password Extractor",...

1.8 AI score
Exploits 0
seebug.org
added 2014/07/08 12:0 a.m., 18 views

Oracle Event Processing FileUploadServlet Arbitrary File Upload

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...

7.1 AI score, 0.80022 EPSS
Exploits 5
Exploit DB
added 2014/07/07 12:0 a.m., 24 views

Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploit Title: Netgear WNR1000v3 Password Recovery Credential Disclosure Vulnerability Date: 7-5-14 Exploit Author: c1ph04 Vendor Homepage: http://www.netgear.com/ Version...

7.4 AI score
Exploits 0
0day.today
added 2014/07/06 12:0 a.m., 29 views

Gitlist Unauthenticated Remote Command Execution Exploit

This Metasploit module exploits an unauthenticated remote command execution vulnerability in version 0.4.0 of Gitlist. The problem exists in the handling of an specially crafted file name when trying to blame it. This module requires Metasploit: http//metasploit.com/download Current source:...

7.5 CVSS, 0.7 AI score, 0.86623 EPSS
Exploits 16