
914 matches found

Tenable Nessus
added 2014/10/12 12:0 a.m. | 37 views

Amazon Linux AMI : jakarta-commons-httpclient (ALAS-2014-410)

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

5.8 CVSS | 6.2 AI score | 0.09254 EPSS
Exploits 1 | References 4
0day.today
added 2014/10/09 12:0 a.m. | 64 views

F5 iControl Remote Root Command Execution Exploit

This Metasploit module exploits an authenticated remote command execution vulnerability in the F5 BIGIP iControl API and likely other F5 devices. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class...

7.1 CVSS | 6.7 AI score | 0.3905 EPSS
Exploits 8
Exploit DB
added 2014/10/09 12:0 a.m. | 42 views

F5 iControl - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "F5 iControl Remote Root Command Execution", 'Description' = %q This module exploits an authenticated remote command execution...

7.1 CVSS | 7.4 AI score | 0.3905 EPSS
Exploits 8
0day.today
added 2014/09/26 12:0 a.m. | 245 views

Apache mod_cgi Bash Environment Variable Code Injection Exploit

This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting Apache mod_cgi scripts through the HTTP_USER_AGENT variable. This module requires Metasploit: http://metasploit.com/download Current source:...

10 CVSS | 1 AI score | 0.99999 EPSS
Exploits 130
Amazon
added 2014/09/17 12:0 a.m. | 57 views

Important: jakarta-commons-httpclient

Issue Overview: Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...

5.8 CVSS | 7.1 AI score | 0.09254 EPSS
Exploits 1
Tenable Nessus
added 2014/09/12 12:0 a.m. | 35 views

Mandriva Linux Security Advisory : jakarta-commons-httpclient (MDVSA-2014:170)

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability : The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS wh...

4.3 CVSS | 6 AI score | 0.05796 EPSS
Exploits 0 | References 2
OpenVAS
added 2014/09/10 12:0 a.m. | 58 views

CentOS Update for jakarta-commons-httpclient CESA-2014:1166 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

5.8 CVSS | 6 AI score | 0.09149 EPSS
Exploits 1 | References 3
Tenable Nessus
added 2014/09/09 12:0 a.m. | 36 views

Oracle Linux 5 / 6 / 7 : jakarta-commons-httpclient (ELSA-2014-1166)

The remote Oracle Linux 5 / 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-1166 advisory. 1:3.1-16 - Fix MITM security vulnerability - Resolves: CVE-2014-3577 Tenable has extracted the preceding description block directly from the Oracle Linu...

5.8 CVSS | 6.4 AI score | 0.09149 EPSS
Exploits 1 | References 2
OpenVAS
added 2014/09/09 12:0 a.m. | 41 views

CentOS Update for jakarta-commons-httpclient CESA-2014:1166 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

5.8 CVSS | 6 AI score | 0.09149 EPSS
Exploits 1 | References 3
OpenVAS
added 2014/09/09 12:0 a.m. | 31 views

CentOS Update for jakarta-commons-httpclient CESA-2014:1166 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

5.8 CVSS | 6 AI score | 0.09149 EPSS
Exploits 1 | References 3
OpenVAS
added 2014/09/09 12:0 a.m. | 34 views

RedHat Update for jakarta-commons-httpclient RHSA-2014:1166-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

5.8 CVSS | 6.7 AI score | 0.09149 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2014/09/09 12:0 a.m. | 31 views

RHEL 5 / 6 / 7 : jakarta-commons-httpclient (RHSA-2014:1166)

Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

5.8 CVSS | 6.4 AI score | 0.09149 EPSS
Exploits 1 | References 4
Tenable Nessus
added 2014/09/09 12:0 a.m. | 32 views

CentOS 5 / 6 / 7 : jakarta-commons-httpclient (CESA-2014:1166)

Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

5.8 CVSS | 6.4 AI score | 0.09149 EPSS
Exploits 1 | References 4
RedHat Linux
added 2014/09/08 7:37 p.m. | 38 views

Important: Red Hat Security Advisory: jakarta-commons-httpclient security update

Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

5.8 CVSS | 6.5 AI score | 0.09149 EPSS
Exploits 1 | References 3
Cent OS
added 2014/09/08 4:54 p.m. | 81 views

jakarta security update

CentOS Errata and Security Advisory CESA-2014:1166 Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring...

5.8 CVSS | 6.6 AI score | 0.09149 EPSS
Exploits 1 | References 7
Oracle linux
added 2014/09/08 12:0 a.m. | 51 views

jakarta-commons-httpclient security update

1:3.1-16 - Fix MITM security vulnerability - Resolves: CVE-2014-3577...

5.8 CVSS | 1.9 AI score | 0.09149 EPSS
Exploits 1
OSV
added 2014/09/04 5:55 p.m. | 2 views

DEBIAN-CVE-2012-6153

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

4.3 CVSS | 6.3 AI score | 0.05796 EPSS
Exploits 0 | References 1
OSV
added 2014/09/04 5:55 p.m. | 7 views

CVE-2012-6153

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

6 AI score
Exploits 0 | References 22
NVD
added 2014/09/04 5:55 p.m. | 23 views

CVE-2012-6153

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

4.3 CVSS | 5.8 AI score | 0.05796 EPSS
Exploits 0 | References 21
Prion
added 2014/09/04 5:55 p.m. | 27 views

Design/Logic Flaw

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

4.3 CVSS | 7.4 AI score | 0.09254 EPSS
Exploits 0 | References 21 | Affected Software 1