74 matches found

RedHat Linux
added 2015/03/24 9:5 p.m. | 47 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.0.0 security update

Red Hat JBoss Fuse Service Works 6.0.0 roll up patch 4, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base score...

CVSS 7.5 | AI score 6.6 | EPSS 0.78235
Exploits 7 | References 20

RedHat Linux
added 2015/02/17 10:27 p.m. | 44 views

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.3 security update

Red Hat JBoss BRMS 6.0.3 roll up patch 2, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System...

CVSS 7.5 | AI score 6.6 | EPSS 0.78235
Exploits 7 | References 22

securityvulns
added 2014/10/15 12:0 a.m. | 66 views

[ MDVSA-2014:170 ] jakarta-commons-httpclient

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:170 http://www.mandriva.com/en/support/security/ Package : jakarta-commons-httpclient Date : September 2, 2014 Affected: Business Server 1.0 Problem Description: Updated jakarta-commons-httpclient and...

CVSS 4.3 | AI score 6 | EPSS 0.01248
Exploits 0

Tenable Nessus
added 2014/09/05 12:0 a.m. | 54 views

IBM WebSphere Portal 8.x < 8.0.0.1 CF13 Multiple Vulnerabilities

The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the HttpClient component of the Apache HttpComponents library. An attacker can exploit this issue by sending a Proxy-Authorization header to retriev...

CVSS 5.8 | AI score 7.2 | EPSS 0.04395
Exploits 0 | References 8

Mageia
added 2014/08/25 8:44 a.m. | 100 views

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS whe...

CVSS 4.3 | AI score 2 | EPSS 0.01248
Exploits 0 | References 3

OSV
added 2014/08/25 8:44 a.m. | 6 views

MGASA-2014-0347 Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS whe...

CVSS 5.8 | AI score 6 | EPSS 0.01368
Exploits 1 | References 4

OSV
added 2014/08/21 2:55 p.m. | 6 views

CVE-2014-3577

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

AI score 7.7
Exploits 0 | References 50

UbuntuCve
added 2014/08/21 12:0 a.m. | 32 views

CVE-2014-3577

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

CVSS 5.8 | AI score 6.8 | EPSS 0.01368
Exploits 1 | References 2

Cvelist
added 2014/08/21 12:0 a.m. | 19 views

CVE-2014-3577

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

AI score 6.3 | EPSS 0.01368
Exploits 1 | References 47

CVE
added 2014/08/21 12:0 a.m. | 311 views

CVE-2014-3577

CVE-2014-3577 (Apache HttpComponents). The vulnerability affects Apache HttpClient prior to 4.3.5 and HttpAsyncClient prior to 4.0.2 where hostname verification against the certificate’s CN or subjectAltName can fail due to an incomplete/incorrect check, enabling man-in-the-middle attackers to s...

CVSS 5.8 | AI score 6.5 | EPSS 0.01368
Exploits 1 | References 47 | Affected Software 1

securityvulns
added 2014/08/18 12:0 a.m. | 94 views

CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Advisory - Apache Software Foundation Apache HttpComponents / hc.apache.org Hostname verification susceptible to MITM attack CVE-2014-3577 / CVSS 1.4 Apache HttpComponents prior to revision 4.3.5/4.0.2 may be susceptible to a 'Man in the Midd...

CVSS 5.8 | AI score 6.3 | EPSS 0.01368
Exploits 1

Prion
added 2011/07/07 9:55 p.m. | 25 views

Authorization

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

CVSS 4.3 | AI score 6.4 | EPSS 0.04395
Exploits 0 | References 14 | Affected Software 1

Cvelist
added 2011/07/07 9:0 p.m. | 22 views

CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

AI score 8.7 | EPSS 0.04395
Exploits 0 | References 14

Debian CVE
added 2011/07/07 9:0 p.m. | 27 views

CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

CVSS 4.3 | AI score 7 | EPSS 0.04395
Exploits 0