Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server shipped with Jazz for Service Management (CVE-2012-5783)

Summary There is a potential information disclosure in Apache Commons HttpClient used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could all...

TeamCity Agent XML-RPC Command Execution Exploit

This Metasploit module allows remote code execution on TeamCity Agents configured to use bidirectional communication via xml-rpc. In bidirectional mode the TeamCity server pushes build commands to the Build Agents over port TCP/9090 without requiring authentication. Up until version 10 this was t...

Netgear Unauthenticated Remote Command Execution Exploit

Netgear WN604 versions before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 versions before 3.5.5.0 allow remote attackers to execute arbitrary commands. This module requires Metasploit: https://metasploit.com/download Current source:...

Netgear Unauthenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear Devices Unauthenticated Remote Command Execution', 'Description' = %q From the CVE-2016-1555 page: 1 boardData102.php, 2 boardData103.php...

Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server shipped with Tivoli Integrated Portal (CVE-2012-5783)

Summary There is a potential information disclosure in Apache Commons HttpClient used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could all...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Intelligent Operations Center (CVE-2012-5783)

Summary IBM WebSphere Application Server is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WegSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin, Security Bulletin:...

Moderate severity vulnerability that affects io.vertx:vertx-core

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response...

Denial of service vulnerability in org.apache.httpcomponents:httpclient

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), agorapulse.plugins.asset-pipeline-cdn:agorapulse.plugins.asset-pipeline-cdn.gradle.plugin (>=0.1 <=0.1.3) +16686 more potentially affected by CVE-2015-5262 via org.apache.httpcomponents:httpclient (>=4.0 <=4.3.5)

org.apache.httpcomponents:httpclient MAVEN version =4.0, =1.0.1, =0.1, =1.4.6, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =0.13.0, =0.13.0, =0.13.0, =0.12.0, =0.13.0, =0.12.0, =0.16.0 and more Source cves: CVE-2015-5262 Source advisory: OSV:GHSA-FMJ5-WV96-R2CH...

GHSA-2X83-R56G-CV47 Improper certificate validation in org.apache.httpcomponents:httpclient

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), agorapulse.plugins.asset-pipeline-cdn:agorapulse.plugins.asset-pipeline-cdn.gradle.plugin (>=0.1 <=0.1.3) +9387 more potentially affected by CVE-2012-6153 via org.apache.httpcomponents:httpclient (>=4.0 <=4.2.2)

org.apache.httpcomponents:httpclient MAVEN version =4.0, =1.0.1, =0.1, =1.4.6, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =0.17.0, =0.2.3.5, =0.2.3.5, =3.14.0.1, =3.8.2.4, =3.18.0.9 and more Source cves: CVE-2012-6153 Source advisory: OSV:GHSA-2X83-R56G-CV47...

Improper certificate validation in org.apache.httpcomponents:httpclient

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

GHSA-CFH5-3GHH-WFJX Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), agorapulse.plugins.asset-pipeline-cdn:agorapulse.plugins.asset-pipeline-cdn.gradle.plugin (>=0.1 <=0.1.3) +15751 more potentially affected by CVE-2014-3577 via org.apache.httpcomponents:httpclient (>=4.0 <=4.3.4)

org.apache.httpcomponents:httpclient MAVEN version =4.0, =1.0.1, =0.1, =1.4.6, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =0.13.0, =0.13.0, =0.13.0, =0.12.0, =0.13.0, =0.12.0, =0.16.0 and more Source cves: CVE-2014-3577 Source advisory: OSV:GHSA-CFH5-3GHH-WFJX...

Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

Belkin Wemo-Enabled Crock-Pot Remote Control

This module acts as a simple remote control for Belkin Wemo-enabled Crock-Pots by implementing a subset of the functionality provided by the Wemo App. No vulnerabilities are exploited by this Metasploit module in any way. This module requires Metasploit: https://metasploit.com/download Current...

Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with Financial Transaction Manager (CVE-2012-5783)

Summary WebSphere Application Server is shipped with Financial Transaction Manager. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletin Security Bulletin: Information...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2012-5783)

Summary IBM WebSphere Application Server is shipped as a component of IBM Tivoli Netcool Impact. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the Security Bulletin: Information...

CVE-2018-12537

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response...

Design/Logic Flaw

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response...