914 matches found
[SECURITY] [DLA 222-1] commons-httpclient security update
Package: commons-httpclient. Version: 3.1-9+deb6u1. CVE ID: CVE-2012-5783, CVE-2012-6153, CVE-2014-3577. CVE-2012-5783 and CVE-2012-6153: Apache Commons HttpClient 3.1 did not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509...
DLA-222-1 commons-httpclient - security update
Bulletin has no description...
Update the version of commons-httpclient to address CVE-2012-5783 & CVE-2014-3577 and gain SNI support
Upgrade commons-httpclient to version 3.1-atlassian-2 to gain SNI support and to fix CVE-2012-5783 & CVE-2014-3577...
IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF15 Multiple Vulnerabilities
The version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF15. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in 'Apache Commons HttpClient' that allows a man-in-the-middle attacker to spoof SSL servers via a certificate with a subject...
Updated ruby-httpclient package enables SSL negotiation
This new version enables SSL negotiation instead of hardcoding SSLv3...
MGASA-2014-0489 Updated ruby-httpclient package enables SSL negotiation
This new version enables SSL negotiation instead of hardcoding SSLv3...
Device42 DCIM Appliance Manager Traceroute Command Injection Exploit
Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3 remote command injection exploit for Metasploit that leverages traceroute. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require...
Pandora Fms - SQL Injection Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Pandora FMS SQLi Remote Code Execution', 'Description' = %q This module attempts to exploit multiple issues in order to gain remote...
MantisBT XmlImportExport Plugin PHP Code Injection Exploit
This Metasploit module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists on plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink"...
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability', 'Description' = %q This module exploits a post-auth...
RHEL 6 : devtoolset-2-httpcomponents-client (RHSA-2014:1098)
Updated devtoolset-2-httpcomponents-client packages that fix one security issue are now available for Red Hat Developer Toolset 2. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Fedora 21 : rubygem-httpclient-2.4.0-2.fc21 (2014-12980)
Updated to 2.4.0, which stops hard-coding SSL v3 and allows SSL negotiation. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducin...
Fedora Update for rubygem-httpclient FEDORA-2014-13070
Check the version of rubygem-httpclient SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868441";...
Fedora Update for rubygem-httpclient FEDORA-2014-13040
Check the version of rubygem-httpclient SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868432";...
Fedora 19 : rubygem-httpclient-2.4.0-2.fc19 (2014-13070)
Updated to 2.4.0, which stops hard-coding SSL v3 and allows SSL negotiation. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducin...
Fedora 20 : rubygem-httpclient-2.4.0-2.fc20 (2014-13040)
Updated to 2.4.0, which stops hard-coding SSL v3 and allows SSL negotiation. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducin...
SOL15741 - Apache Commons HttpClient vulnerability CVE-2012-6153
Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
[ MDVSA-2014:170 ] jakarta-commons-httpclient
Mandriva Linux Security Advisory MDVSA-2014:170 http://www.mandriva.com/en/support/security/ Package: jakarta-commons-httpclient. Date: September 2, 2014. Affected: Business Server 1.0. Problem Description: Updated jakarta-commons-httpclient and...
serf / Apache httpcomponents HttpClient / Jakarta Commons HttpClient SSL validation bypass
Invalid parsing of certificates with NUL character in CN...