15 matches found

IBM Security Bulletins
added 2022/10/07 4:1 p.m., 20 views

Security Bulletin: Man in the middle vulnerability in Liberty for Java for IBM Cloud (CVE-2014-3603)

Summary: There is a man in the middle vulnerability in WebSphere Application Server Liberty. This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2014-3603 DESCRIPTION: The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4....

5.9 CVSS, 5.5 AI score, 0.00844 EPSS
Exploits: 1, Affected Software: 1

vulnersOsv
added 2022/05/14 1:11 a.m., 5 views

br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +811 more potentially affected by CVE-2014-3603 via org.opensaml:opensaml (>=1.1 <=2.6.1)

org.opensaml:opensaml MAVEN version =1.1, =1.1.7, =1.1.9, =1.2.5, =1.2.1, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.0.83-RC1, =1.0.112-RELEASE and more Source cves: CVE-2014-3603 Source advisory: OSV:GHSA-RM7V-GQFG-P2WC...

5.9 CVSS, 6.4 AI score, 0.00844 EPSS
Exploits: 1

IBM Security Bulletins
added 2022/02/01 11:37 a.m., 30 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2019-4304, CVE-2019-4305, CVE-2019-4441, CVE-2014-3603)

Summary: Security vulnerabilities in WebSphere Application Server Liberty, such as spoofing, obtaining sensitive information, and bypassing security restrictions, affect IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware. Vulnerability Details: CVEID: CVE-2019-4304...

6.5 CVSS, 6.1 AI score, 0.018 EPSS
Exploits: 1, Affected Software: 2

IBM Security Bulletins
added 2020/07/27 8:13 a.m., 21 views

Security Bulletin: Novalink is impacted by Man in the middle vulnerability in WebSphere Application Server Liberty (CVE-2014-3603)

Summary: Novalink uses WebSphere Application Server Liberty. There is a man in the middle vulnerability in WebSphere Application Server Liberty. This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2014-3603 DESCRIPTION: Shibboleth Identity Provider (IdP) and OpenSAML Java could...

5.9 CVSS, 0.6 AI score, 0.00844 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2020/03/18 2:38 p.m., 33 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments

Summary Security vulnerabilities in WebSphere Application Server Liberty, such as spoofing, obtaining sensitive information, and bypassing security restrictions, affect IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Prote...

6.5 CVSS, 1 AI score, 0.018 EPSS
Exploits: 1, Affected Software: 3

IBM Security Bulletins
added 2020/02/27 7:0 a.m., 24 views

Security Bulletin: Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty used by MobileFirst Platform Foundation

Summary: IBM MobileFirst Platform Foundation has addressed the following vulnerability. Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty. Vulnerability Details: CVEID: CVE-2014-3603 DESCRIPTION: Shibboleth Identity Provider (IdP) and OpenSAML Java could allow a...

5.9 CVSS, 0.6 AI score, 0.00844 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2020/02/17 5:39 a.m., 21 views

Security Bulletin: Information disclosure in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2014-3603)

Summary: Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Log Analysis 1.3.1, Log Analysis 1.3.2...

5.9 CVSS, 2.6 AI score, 0.00844 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2020/02/14 6:39 p.m., 33 views

Security Bulletin: Vulnerabilities in Websphere Liberty and OpenLiberty

Summary: There are vulnerabilities in Websphere Liberty used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2014-3603 DESCRIPTION: The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and...

5.9 CVSS, 1.1 AI score, 0.00844 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2020/01/31 5:50 p.m., 23 views

Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS vulnerability.

Summary: Rational Asset Analyzer (RAA) has addressed the following vulnerability in WAS. Vulnerability Details: CVEID: CVE-2014-3603 DESCRIPTION: The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that...

5.9 CVSS, 1.4 AI score, 0.00844 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2019/12/30 4:46 p.m., 22 views

Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2014-3603)

Summary: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability. Vulnerability Details: CVEID: CVE-2014-3603 DESCRIPTION: The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do...

5.9 CVSS, 0.8 AI score, 0.00844 EPSS
Exploits: 1, Affected Software: 1

RedHat Linux
added 2019/12/09 3:15 p.m., 97 views

(RHSA-2019:4117) Moderate: Open Liberty 19.0.0.12 Runtime security update

Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 19.0.0.12 serves as a replacement for Open Liberty 19.0.0.11 and includes bug fixes, enhancements, and security fixes. For specific information about this...

5.4 CVSS, 6.1 AI score, 0.018 EPSS
Exploits: 1

UbuntuCve
added 2019/04/04 2:29 p.m., 26 views

CVE-2014-3603

The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...

5.9 CVSS, 6.5 AI score, 0.00844 EPSS
Exploits: 1, References: 3

CVE
added 2019/04/04 1:38 p.m., 95 views

CVE-2014-3603

CVE-2014-3603 involves improper hostname verification in Shibboleth IdP (HttpResource/FileBackedHttpResource) and OpenSAML Java 2.6.2, allowing MITM spoofing of SSL with arbitrary valid certs. IBM/Liberty-focused advisories confirm affected products and versions: Liberty for Java 3.37 and earlier...

5.9 CVSS, 5.7 AI score, 0.00844 EPSS
Exploits: 1, References: 3, Affected Software: 1

OpenVAS
added 2015/08/08 12:0 a.m., 27 views

Fedora Update for opensaml-java FEDORA-2015-10175

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS, 6.2 AI score, 0.00844 EPSS
Exploits: 1, References: 2

OpenVAS
added 2015/08/08 12:0 a.m., 24 views

Fedora Update for opensaml-java-openws FEDORA-2015-10235

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS, 6.2 AI score, 0.00844 EPSS
Exploits: 1, References: 2