914 matches found

RedHat Linux
added 2023/06/29 8:7 p.m. | 13 views

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

CVSS 5.3 | AI score 7.2 | EPSS 0.08665
Exploits 1 | References 5

RedHat Linux
added 2023/06/29 8:7 p.m. | 49 views

Critical: Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update

A minor version update from 7.11 to 7.12 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...

CVSS 9.8 | AI score 7.2 | EPSS 0.09254
Exploits 17 | References 32

RedHat Linux
added 2023/06/29 8:7 p.m. | 4 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

CVSS 5.8 | AI score 7.4 | EPSS 0.09254
Exploits 0 | References 4

IBM Security Bulletins
added 2023/06/28 10:4 p.m. | 26 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Netcool Configuration Manager (CVE-2012-5783).

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere...

CVSS 5.8 | AI score 7.1 | EPSS 0.09254
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/06/28 10:4 p.m. | 21 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition (CVE-2012-5783).

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM WebSphere...

CVSS 5.8 | AI score 7.1 | EPSS 0.09254
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/06/14 3:55 p.m. | 21 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient have affected APM Linux KVM Agent

Summary APM Linux KVM Agent is vulnerable to Apache HttpClient vulnerabilities described in220912, CVE-2020-13956. The fix includes httpclient-4.5.jar upgraded to httpclient-4.5.13.jar Vulnerability Details CVEID:CVE-2012-6153 DESCRIPTION: Apache HttpComponents could allow a remote attacker to...

CVSS 5.8 | AI score 6.2 | EPSS 0.09149
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2023/04/28 7:47 a.m. | 30 views

Security Bulletin: TADDM is vulnerable to a denial of service due to vulnerabilities in Apache HttpClient

Summary Apache HttpClient used by IBM Tivoli Application Dependency Discovery Manager and is vulnerable to CVE-2011-1498, CVE-2012-5783, CVE-2012-6153, CVE-2014-3577, CVE-2015-5262 Vulnerability Details CVEID:CVE-2011-1498 DESCRIPTION: Apache HttpComponents could allow a remote attacker to obtain...

CVSS 5.8 | AI score 6.6 | EPSS 0.19312
Exploits 1 | Affected Software 1

Tenable Nessus
added 2023/04/18 12:0 a.m. | 20 views

AIX (IJ44987)

The version of AIX installed on the remote host is prior to APAR IJ44987. It is, therefore, affected by a vulnerability as referenced in the IJ44987 advisory. - Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify tha...

CVSS 5.8 | AI score 7.1 | EPSS 0.09254
Exploits 0 | References 3

Tenable Nessus
added 2023/04/18 12:0 a.m. | 15 views

AIX (IJ45221)

The version of AIX installed on the remote host is prior to APAR IJ45221. It is, therefore, affected by a vulnerability as referenced in the IJ45221 advisory. - Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify tha...

CVSS 5.8 | AI score 7.1 | EPSS 0.09254
Exploits 0 | References 3

IBM Security Bulletins
added 2023/04/13 8:19 p.m. | 93 views

Security Bulletin: AIX is vulnerable to an SSL server spoof due to Apache Commons HttpClient (CVE-2012-5783)

Summary A vulnerability in Apache Commons HttpClient could allow a remote attacker to conduct spoofing attacks CVE-2012-5783. AIX ships Apache Commons HttpClient as part of Electronic Customer Care. Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazo...

CVSS 5.8 | AI score 6.9 | EPSS 0.09254
Exploits 0 | Affected Software 2

IBM AIX
added 2023/04/13 1:44 p.m. | 43 views

AIX is vulnerable to an SSL server spoof due to Apache Commons HttpClient

IBM SECURITY ADVISORY First Issued: Thu Apr 13 13:44:57 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/commonshttpadvisory.asc Security Bulletin: AIX is vulnerable to an SSL server spoof due to Apache Commons HttpClient...

CVSS 5.8 | AI score 6.2 | EPSS 0.09254
Exploits 0

IBM Security Bulletins
added 2023/03/31 2:10 p.m. | 56 views

Security Bulletin: Multiple vulnerabilities in Open Source software used by Cloud Pak System

Summary Multiple vulnerabilities in Open Source software used by Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2015-1832 DESCRIPTION: Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external...

AI score 9.5 | EPSS 0.44303
Exploits 16 | Affected Software 1

IBM Security Bulletins
added 2023/03/31 11:33 a.m. | 18 views

Security Bulletin: Vulnerability in commons-httpclient-3.0.1.jar affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) (CVE-2012-5783)

Summary Commons-httpclient-3.0.1.jar package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2012-5783. Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Servi...

CVSS 5.8 | AI score 6.8 | EPSS 0.09254
Exploits 0 | Affected Software 1

OpenVAS
added 2023/03/08 12:0 a.m. | 24 views

Debian: Security Advisory (DLA-222-1)

The remote host is missing an update for the Debian...

CVSS 5.8 | AI score 6.9 | EPSS 0.09254
Exploits 1 | References 2

OpenVAS
added 2023/03/08 12:0 a.m. | 21 views

Debian: Security Advisory (DLA-322-1)

The remote host is missing an update for the Debian...

CVSS 4.3 | AI score 6.5 | EPSS 0.19312
Exploits 0 | References 2

Packet Storm
added 2023/02/23 12:0 a.m. | 325 views

Froxlor 2.0.6 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Froxlor Log Path RCE', 'Description' = %q Froxlor v2.0.6 and below suffer from a bug that allows authenticated users to change the application lo...

CVSS 8.8 | AI score 0.2 | EPSS 0.97653
Exploits 8

Tenable Nessus
added 2023/02/22 12:0 a.m. | 40 views

Amazon Linux 2 : httpcomponents-client (ALAS-2023-1946)

The version of httpcomponents-client installed on the remote host is prior to 4.2.5-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1946 advisory. Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in reques...

CVSS 5.3 | AI score 6.8 | EPSS 0.08665
Exploits 1 | References 4

F5 Networks
added 2023/02/21 7:32 p.m. | 43 views

K15741: Apache Commons HttpClient vulnerability CVE-2012-6153

Security Advisory Description http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

CVSS 4.3 | AI score 5.8 | EPSS 0.05796
Exploits 0

F5 Networks
added 2023/02/21 7:32 p.m. | 66 views

K15737: Apache vulnerability CVE-2014-3577

Security Advisory Description org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509...

CVSS 5.8 | AI score 6.3 | EPSS 0.09149
Exploits 1

F5 Networks
added 2023/02/21 5:38 p.m. | 62 views

K15364328: Apache vulnerabilities CVE-2012-5783 and CVE-2012-6153

Security Advisory Description CVE-2012-5783 Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509...

CVSS 5.8 | AI score 6 | EPSS 0.09254
Exploits 0