Lucene search

914 matches found

Ubuntu
added 2015/10/14 3:43 p.m. | 348 views

USN-2769-1: Apache Commons HttpClient vulnerabilities

It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. This issue only affect...

CVSS 5.8 | AI score 6.5 | EPSS 0.19312
Exploits: 1

Mageia
added 2015/10/09 6:47 p.m. | 41 views

Updated jakarta-commons-httpclient and httpcomponents-client packages fixes security vulnerability

The Apache httpclient library had a bug where the socket timeout was ignored during the SSL handshake, causing threads in an application to hang (CVE-2015-5262)...

CVSS 4.3 | AI score 6 | EPSS 0.19312
Exploits: 0 | References: 2

OpenVAS
added 2015/10/06 12:0 a.m. | 25 views

Oracle: Security Advisory (ELSA-2013-0270)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.8 | AI score 7.5 | EPSS 0.09254
Exploits: 0 | References: 2

OpenVAS
added 2015/10/06 12:0 a.m. | 35 views

Oracle: Security Advisory (ELSA-2014-1166)

The remote host is missing an update for the...

CVSS 5.8 | AI score 7.1 | EPSS 0.09149
Exploits: 1 | References: 2

0day.today
added 2015/10/03 12:0 a.m. | 46 views

Simple Backdoor Shell Remote Code Execution Exploit

This Metasploit module exploits unauthenticated simple web backdoor shells by leveraging the common backdoor shell's CMD parameter to execute commands. The SecLists project of Daniel Miessler and Jason Haddix has a lot of samples for these kinds of backdoor shells, which are categorized under...

AI score 7.5
Exploits: 0

Tenable Nessus
added 2015/10/02 12:0 a.m. | 39 views

Fedora 22 : jakarta-commons-httpclient-3.1-23.fc22 (2015-15589)

This update fixes CVE-2015-5262 denial of service security vulnerability by respecting configured SO_TIMEOUT parameter during SSL handshake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

CVSS 4.3 | AI score 6.1 | EPSS 0.19312
Exploits: 0 | References: 3

Tenable Nessus
added 2015/10/02 12:0 a.m. | 39 views

Fedora 23 : jakarta-commons-httpclient-3.1-23.fc23 (2015-15590)

This update fixes CVE-2015-5262 denial of service security vulnerability by respecting configured SO_TIMEOUT parameter during SSL handshake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

CVSS 4.3 | AI score 6.1 | EPSS 0.19312
Exploits: 0 | References: 3

Tenable Nessus
added 2015/10/02 12:0 a.m. | 43 views

Debian DLA-322-1 : commons-httpclient security update

Trevin Beattie [1] discovered an issue where one could observe hanging threads in a multi-threaded Java application. After debugging the issue, it became evident that the hanging threads were caused by the SSL initialization code in commons-httpclient. This upload fixes this issue by respecting the...

CVSS 4.3 | AI score 6.2 | EPSS 0.19312
Exploits: 0 | References: 4

Tenable Nessus
added 2015/10/02 12:0 a.m. | 30 views

Fedora 21 : jakarta-commons-httpclient-3.1-20.fc21 (2015-15588)

This update fixes CVE-2015-5262 denial of service security vulnerability by respecting configured SO_TIMEOUT parameter during SSL handshake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

CVSS 4.3 | AI score 6.1 | EPSS 0.19312
Exploits: 0 | References: 3

OpenVAS
added 2015/10/02 12:0 a.m. | 42 views

Fedora Update for jakarta-commons-httpclient FEDORA-2015-15589

The remote host is missing an update for the...

CVSS 4.3 | AI score 5.8 | EPSS 0.19312
Exploits: 0 | References: 2

OpenVAS
added 2015/10/02 12:0 a.m. | 25 views

Fedora Update for jakarta-commons-httpclient FEDORA-2015-15588

The remote host is missing an update for the...

CVSS 4.3 | AI score 5.8 | EPSS 0.19312
Exploits: 0 | References: 2

Fedora
added 2015/10/01 6:59 p.m. | 64 views

[SECURITY] Fedora 22 Update: jakarta-commons-httpclient-3.1-23.fc22

The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of...

CVSS 4.3 | AI score 1 | EPSS 0.19312
Exploits: 0

Debian
added 2015/10/01 8:24 a.m. | 56 views

[SECURITY] [DLA 322-1] commons-httpclient security update

Package: commons-httpclient | Version: 3.1-9+deb6u2 | CVE ID: CVE-2015-5262. Trevin Beattie [1] discovered an issue where one could observe hanging threads in a multi-threaded Java application. After debugging the issue, it became evident that the hanging threads were caused by the SSL initialization...

CVSS 4.3 | AI score 6.6 | EPSS 0.19312
Exploits: 0

OpenVAS
added 2015/09/08 12:0 a.m. | 48 views

Amazon Linux: Security Advisory (ALAS-2013-169)

The remote host is missing an update for the...

CVSS 5.8 | AI score 7.5 | EPSS 0.09254
Exploits: 0 | References: 2

OpenVAS
added 2015/09/08 12:0 a.m. | 30 views

Amazon Linux: Security Advisory (ALAS-2014-410)

The remote host is missing an update for the...

CVSS 5.8 | AI score 7 | EPSS 0.09254
Exploits: 1 | References: 2

Metasploit
added 2015/08/31 5:22 p.m. | 30 views

UPnP IGD SOAP Port Mapping Utility

Manage port mappings on UPnP IGD-capable device using the AddPortMapping and DeletePortMapping SOAP requests This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'UPnP IGD SOAP Por...

AI score 7.1
Exploits: 0

NVD
added 2015/06/24 4:59 p.m. | 38 views

CVE-2013-7398

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate...

CVSS 4.3 | AI score 6.3 | EPSS 0.0083
Exploits: 0 | References: 10

Exploit DB
added 2015/06/16 12:0 a.m. | 38 views

Ruby on Rails 4.0.x/4.1.x/4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails Web Console v2 Whitelist Bypass Code Execution', 'Description' = %q This module exploits an IP whitelist bypass...

CVSS 4.3 | AI score 7.4 | EPSS 0.45534
Exploits: 6

Packet Storm
added 2015/06/01 12:0 a.m. | 41 views

D-Link Devices HNAP SOAPAction-Header Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link Devices HNAP SOAPAction-Header Command Execution', 'Description' = %q Different D-Link Routers are vulnerable to OS command...

AI score 0.5
Exploits: 0

Exploit DB
added 2015/06/01 12:0 a.m. | 99 views

D-Link Devices - HNAP SOAPAction-Header Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link Devices HNAP SOAPAction-Header Command Execution', 'Description' = %q Different D-Link Routers are vulnerable to OS command...

AI score 7.4
Exploits: 0