IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.14 / 9.0.x < 9.0.0.8 Information Disclosure (CVE-2012-5783)

The IBM WebSphere Application Server running on the remote host is version 7.0.0.x through 7.0.0.45, 8.0.0.x through 8.0.0.15, 8.5.0.x prior to 8.5.5.14 or 9.0.x prior to 9.0.0.8. It is, therefore, affected by an information disclosure vulnerability in the Apache Commons HttpClient subcomponent d...

Moderate Photon OS Security Update - PHSA-2020-0141

Updates of 'commons-httpclient', 'openssl' packages of Photon OS have been released...

Moderate Photon OS Security Update - PHSA-2020-3.0-0141

Updates of 'commons-httpclient', 'openssl' packages of Photon OS have been released...

Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise are affected by a Websphere Application Server Vulnerability (CVE-2012-5783)

Summary IBM Integration Bus and IBM App Connect Enterprise are affected by an httpclient package used by WebSphere Application Server for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION:...

EulerOS 2.0 SP5 : jakarta-commons-httpclient (EulerOS-SA-2020-1109)

According to the version of the jakarta-commons-httpclient package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout...

Huawei EulerOS: Security Advisory for jakarta-commons-httpclient (EulerOS-SA-2020-1109)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ

Summary Multiple vulnerabilities in bundled software packages affect IBM StoredIQ. IBM StoredIQ has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2009-0217 DESCRIPTION: The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products...

Security Bulletin: Security Vulnerabilities have been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2012-5783, CVE-2018-1614, CVE-2014-0114, CVE-2015-0899)

Summary Websphere Application Server is shipped with Predictive Customer Intelligence. Information about security vulnerabilities affecting Websphere Application Server has been published in security bulletins. Vulnerability Details Please consult the security bulletins: Security Bulletin:...

Huawei EulerOS: Security Advisory for jakarta-commons-httpclient (EulerOS-SA-2019-2397)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for jakarta-commons-httpclient (EulerOS-SA-2019-2027)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP2 : jakarta-commons-httpclient (EulerOS-SA-2019-2397)

According to the version of the jakarta-commons-httpclient package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services,...

EulerOS 2.0 SP3 : jakarta-commons-httpclient (EulerOS-SA-2019-2027)

According to the version of the jakarta-commons-httpclient package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout...

Security Bulletin: Information disclosure in Apache Commons HttpClient may affect WebSphere Application Server as part of IBM InfoSphere Identity Insight (CVE-2012-5783)

Summary There is a potential information disclosure in Apache Commons HttpClient used by WebSphere Application Server shipped as part of IBM InfoSphere Identity Insight. Vulnerability Details CVEs: CVE-2012-5783 Link to security bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22016216...

Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)

Summary There is a potential information disclosure in Apache Commons HttpClient used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could all...

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID: CVE-2015-0899 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused b...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway

Summary IBM WebSphere Application Server is shipped as a component of IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server have been published in security...

Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server shipped with Jazz for Service Management (CVE-2012-5783)

Summary There is a potential information disclosure in Apache Commons HttpClient used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could all...

Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server shipped with Tivoli Integrated Portal (CVE-2012-5783)

Summary There is a potential information disclosure in Apache Commons HttpClient used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could all...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Intelligent Operations Center (CVE-2012-5783)

Summary IBM WebSphere Application Server is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WegSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin, Security Bulletin:...