Improper Certificate Validation in Apache Commons HttpClient

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

GHSA-3832-9276-X7GF Improper Certificate Validation in Apache Commons HttpClient

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

RHEL 8 : .NET Core 3.1 (RHSA-2022:2202)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:2202 advisory. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

AlmaLinux 8 : maven:3.5 (ALSA-2022:1861)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:1861 advisory. apache-httpclient: incorrect handling of malformed authority component in request URIs CVE-2020-13956 Tenable has extracted the preceding description block directl...

AlmaLinux 8 : maven:3.6 (ALSA-2022:1860)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:1860 advisory. apache-httpclient: incorrect handling of malformed authority component in request URIs CVE-2020-13956 Tenable has extracted the preceding description block directl...

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

RLSA-2022:2200 Important: .NET 5.0 security, bug fix, and enhancement update

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core...

ALSA-2022:2200 Important: .NET 5.0 security, bug fix, and enhancement update

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core...

RHEL 8 : maven:3.5 (RHSA-2022:1861)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1861 advisory. Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build...

RHEL 8 : maven:3.6 (RHSA-2022:1860)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1860 advisory. Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build...

CVE-2022-23267

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

Moderate: Red Hat Security Advisory: maven:3.5 security update

An update for the maven:3.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

Moderate: Red Hat Security Advisory: maven:3.6 security and enhancement update

An update for the maven:3.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ALSA-2022:1861 Moderate: maven:3.5 security update

Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: apache-httpclient: incorrect handling of malformed authority...

Moderate: maven:3.5 security update

Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: apache-httpclient: incorrect handling of malformed authority...

maven:3.5 security update

An update is available for apache-commons-io, atinject, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, glassfish-el, apache-commons-cli, guava20, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, jansi-native, apache-commons-logging,...

RLSA-2022:1860 Moderate: maven:3.6 security and enhancement update

Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: apache-httpclient: incorrect handling of malformed authority...