Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 4 : axis-1.2.1-7.3.AXS4 (AXSA:2013-129:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-129:01 advisory. Apache AXIS is an implementation of the SOAP Simple Object Access Protocol submission to W3C. From the draft W3C specification: SOAP is a lightweight protocol...

5.8CVSS7.6AI score0.05722EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.11 views

Unity Linux 20.1070e Security Update: nodejs (UTSA-2025-680625)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680625 advisory. Accepting arbitrary Subject Alternative Name SAN types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained...

7.4CVSS7AI score0.08373EPSS
Exploits0References4
PyPA
PyPA
added 2020/01/02 6:15 p.m.9 views

PYSEC-2020-245

ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name CN or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an...

5.9CVSS6.9AI score0.00413EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/11/19 5:15 p.m.1 views

DEBIAN-CVE-2012-6071

nuSOAP before 0.7.3-5 does not properly check the hostname of a cert...

7.5CVSS7.3AI score0.01312EPSS
Exploits0References1
OSV
OSV
added 2019/09/08 4:15 p.m.4 views

UBUNTU-CVE-2016-10937

IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate...

7.5CVSS5.8AI score0.00946EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/05/26 8:35 a.m.9 views

mysql: ssl-validate-cert incorrect hostname check

It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client...

5.9CVSS7.1AI score0.03741EPSS
Exploits0References5
OSV
OSV
added 2014/08/21 2:55 p.m.1 views

DEBIAN-CVE-2014-3577

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS9.1AI score0.09149EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2013/03/25 5:9 p.m.5 views

axis: missing connection hostname check against X.509 certificate name

Apache Axis did not verify that the server host name matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name...

5.8CVSS6.8AI score0.05722EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/03/25 5:4 p.m.8 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS7.2AI score0.09254EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/03/25 5:4 p.m.6 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS7.2AI score0.09254EPSS
Exploits0References4
OSV
OSV
added 2012/11/04 10:55 p.m.4 views

DEBIAN-CVE-2012-5784

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or...

5.8CVSS7.2AI score0.05722EPSS
Exploits1References1
Rows per page
Query Builder