Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

914 matches found

Debian CVE
Debian CVEadded 2014/09/04 5:0 p.m.44 views

CVE-2012-6153

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

4.3CVSS6.6AI score0.05796EPSS
Exploits0
Cvelist
Cvelistadded 2014/09/04 5:0 p.m.29 views

CVE-2012-6153

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

5.9AI score0.05796EPSS
Exploits0References21
CVE
CVEadded 2014/09/04 5:0 p.m.222 views

CVE-2012-6153

Apache Commons HttpClient before 4.2.3 fails to verify that the server hostname matches the domain name in the certificate’s CN/subjectAltName (AbstractVerifier.java), enabling MITM SSL spoofing. This is a follow-on to an incomplete fix for CVE-2012-5783; the issue has affected various Java deplo...

4.3CVSS5.9AI score0.05796EPSS
Exploits0References21Affected Software1
UbuntuCve
UbuntuCveadded 2014/09/04 12:0 a.m.38 views

CVE-2012-6153

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

4.3CVSS6.5AI score0.05796EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2014/09/04 12:0 a.m.32 views

CentOS 7 : httpcomponents-client (CESA-2014:1146)

Updated httpcomponents-client packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

5.8CVSS6.4AI score0.09149EPSS
Exploits1References2
Cent OS
Cent OSadded 2014/09/03 11:9 p.m.82 views

httpcomponents security update

CentOS Errata and Security Advisory CESA-2014:1146 Updated httpcomponents-client packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS ba...

5.8CVSS6.6AI score0.09149EPSS
Exploits1References7
Fedora
Fedoraadded 2014/08/30 3:58 a.m.26 views

[SECURITY] Fedora 20 Update: httpcomponents-client-4.2.5-4.fc20

HttpClient is a HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It also provides reusable components for client-side authentication, HTTP state management, and HTTP connection management. HttpComponents Client is a successor of and replacement for Commons HttpClient...

5.8CVSS1.2AI score0.09149EPSS
Exploits1
OpenVAS
OpenVASadded 2014/08/27 12:0 a.m.38 views

Fedora Update for jakarta-commons-httpclient FEDORA-2014-9581

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1AI score
Exploits0References2
OpenVAS
OpenVASadded 2014/08/27 12:0 a.m.33 views

Fedora Update for jakarta-commons-httpclient FEDORA-2014-9539

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1AI score
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2014/08/27 12:0 a.m.35 views

Fedora 20 : jakarta-commons-httpclient-3.1-15.fc20 (2014-9581)

Security fix for CVE-2014-3577, CVE-2012-6153 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

5.8CVSS6.2AI score0.09254EPSS
Exploits1References6
OSV
OSVadded 2014/08/25 8:44 a.m.7 views

MGASA-2014-0347 Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS whe...

5.8CVSS6AI score0.09149EPSS
Exploits1References4
OSV
OSVadded 2014/08/25 8:44 a.m.5 views

MGASA-2014-0348 Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities: The Jakarta Commons HttpClient component may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side...

5.8CVSS6.3AI score0.09149EPSS
Exploits1References4
Mageia
Mageiaadded 2014/08/25 8:44 a.m.107 views

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS whe...

4.3CVSS2AI score0.05796EPSS
Exploits0References3
NVD
NVDadded 2014/08/21 2:55 p.m.22 views

CVE-2014-3577

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS6.2AI score0.09149EPSS
Exploits1References47
Prion
Prionadded 2014/08/21 2:55 p.m.35 views

Design/Logic Flaw

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS6.7AI score0.09149EPSS
Exploits1References47Affected Software2
CVE
CVEadded 2014/08/21 12:0 a.m.316 views

CVE-2014-3577

CVE-2014-3577 (Apache HttpComponents) . The vulnerability affects Apache HttpClient prior to 4.3.5 and HttpAsyncClient prior to 4.0.2 where hostname verification against the certificate’s CN or subjectAltName can fail due to an incomplete/incorrect check, enabling man-in-the-middle attackers to s...

5.8CVSS6.5AI score0.09149EPSS
Exploits1References47Affected Software1
Cvelist
Cvelistadded 2014/08/21 12:0 a.m.26 views

CVE-2014-3577

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

6.3AI score0.09149EPSS
Exploits1References47
OSV
OSVadded 2014/08/21 12:0 a.m.2 views

UBUNTU-CVE-2014-3577

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS6.7AI score0.09149EPSS
Exploits1References3
Packet Storm
Packet Stormadded 2014/08/20 12:0 a.m.28 views

HybridAuth install.php PHP Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HybridAuth install.php PHP Code Execution', 'Description' = %q This module exploits a PHP code execution vulnerability in HybridAuth...

0.2AI score
Exploits0
securityvulns
securityvulnsadded 2014/08/18 12:0 a.m.50 views

Apache HttpClient certificate checking bypass

Validation bypass via malcrafted constructions like O="foo,CN=www.apache.org”...

5.8CVSS1.8AI score0.09149EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder