CVE-2016-6814

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized...

CVE-2012-5817

Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...

CVE-2012-5817

Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...

CVE-2012-5817

Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, fails to verify that the server hostname matches the CN/subjectAltName in the X.509 certificate, enabling MITM spoofing with an arbitrary valid certificate. Impact is described as spoofing SSL s...

PT-2012-6129 · Codehaus · Xfire

Name of the Vulnerable Software and Affected Versions: Codehaus XFire versions 1.2.6 and earlier Description: The issue allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate because it does not verify that the server hostname matches a domain name in the...