22 matches found
GHSA-CMXJ-WX9V-52QR Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
com.adaptc.mws.plugins:plugins-native (>=1.2 <=1.9-1701809693), com.adaptc.mws.plugins:plugins-reports (>=1.1 <=1.7-1701809693) +83 more potentially affected by CVE-2014-3604 via ca.juliusdavies:not-yet-commons-ssl (=0.3.11)
ca.juliusdavies:not-yet-commons-ssl MAVEN version =0.3.11 is affected by a known vulnerability. The following packages have a transitive dependency on ca.juliusdavies:not-yet-commons-ssl and may be impacted: - com.adaptc.mws.plugins:plugins-native =1.2, =1.1, =0.9.0, =0.9.0, =1.14, =1.0.201602030...
Mageia: Security Advisory (MGASA-2014-0551)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Code42 CrashPlan Remote Code Execution Vulnerability
Code42 CrashPlan is an online data backup solution from Code42 Software, USA. A remote code execution vulnerability exists in Code42 CrashPlan version 5.4.x. A remote attacker can exploit the vulnerability by using org.apache.commons.ssl.rssl. A remote attacker can exploit this vulnerability to...
[ MDVSA-2015:141 ] not-yet-commons-ssl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:141 http://www.mandriva.com/en/support/security/ Package : not-yet-commons-ssl Date : March 29, 2015 Affected: Business Server 2.0 Problem Description: Updated not-yet-commons-ssl packages fixes security...
Mandriva Linux Security Advisory : not-yet-commons-ssl (MDVSA-2015:141)
Updated not-yet-commons-ssl packages fixes security vulnerability : It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle MITM...
MGASA-2014-0551 Updated not-yet-commons-ssl packages fix CVE-2014-3604
Updated not-yet-commons-ssl packages fixes security vulnerability: It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle MITM...
Updated not-yet-commons-ssl packages fix CVE-2014-3604
Updated not-yet-commons-ssl packages fixes security vulnerability: It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle MITM...
CVE-2014-3604
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2014-3604
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2014-3604
Removed by vendor...
CVE-2014-3604
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2014-3604
Not-Yet-Commons-SSL (Not-Yet-Commons-SSL) CVE-2014-3604 contains a hostname verification flaw in Certificates.java: the client fails to properly verify that the server certificate CN matches the domain name. This enables MITM-style spoofing of SSL servers using arbitrary valid certificates. Affec...
Fedora Update for not-yet-commons-ssl FEDORA-2014-10746
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for not-yet-commons-ssl FEDORA-2014-10729
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 19 : not-yet-commons-ssl-0.3.15-2.fc19 (2014-10746)
Fix jar path in install. Update to upstream 0.3.15. Fixes CVE-2014-3604 . Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 20 : not-yet-commons-ssl-0.3.15-2.fc20 (2014-10729)
Fix jar path in install. Update to upstream 0.3.15. Fixes CVE-2014-3604 . Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
[SECURITY] Fedora 19 Update: not-yet-commons-ssl-0.3.15-2.fc19
Commons-SSL lets you control the SSL options you need in an natural way for each SSLSocketFactory, and those options won't bleed into the rest of your system...
[SECURITY] Fedora 20 Update: not-yet-commons-ssl-0.3.15-2.fc20
Commons-SSL lets you control the SSL options you need in an natural way for each SSLSocketFactory, and those options won't bleed into the rest of your system...