914 matches found
jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name
It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update
An update for JBoss Enterprise Web Platform 5.2.0 which fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update
An updated jakarta-commons-httpclient package for JBoss Enterprise Application Platform 5.2.0 which fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerabili...
Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update
An update for JBoss Enterprise Application Platform 5.2.0 which fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which giv...
jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name
It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
Medium: jakarta-commons-httpclient
Issue Overview: The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate th...
SAP ICF /sap/public/info Service Sensitive Information Gathering
This module uses the /sap/public/info service within SAP Internet Communication Framework ICF to obtain the operating system version, SAP version, IP address and other information. This module requires Metasploit: https://metasploit.com/download Current source:...
PolarBear CMS PHP File Upload Vulnerability
This module exploits a file upload vulnerability found in PolarBear CMS By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution. This module requires Metasploit: https://metasploit.com/download Curren...
RedHat Update for jakarta-commons-httpclient RHSA-2013:0270-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for jakarta-commons-httpclient CESA-2013:0270 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
RedHat Update for jakarta-commons-httpclient RHSA-2013:0270-01
Check for the Version of jakarta-commons-httpclient OpenVAS Vulnerability Test RedHat Update for jakarta-commons-httpclient RHSA-2013:0270-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
CentOS Update for jakarta-commons-httpclient CESA-2013:0270 centos5
Check for the Version of jakarta-commons-httpclient OpenVAS Vulnerability Test CentOS Update for jakarta-commons-httpclient CESA-2013:0270 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Scientific Linux Security Update : jakarta-commons-httpclient on SL5.x, SL6.x i386/x86_64 (20130219)
The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the- middle attacker to spoof an SSL server if they had a certificate that was valid fo...
jakarta security update
CentOS Errata and Security Advisory CESA-2013:0270 Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability...
RHEL 5 / 6 : jakarta-commons-httpclient (RHSA-2013:0270)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0270 advisory. The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications such as web browsers and web service clients. The...
CentOS 5 : jakarta-commons-httpclient (CESA-2013:0270)
Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...
Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update
Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...
jakarta-commons-httpclient security update
1:3.1-0.7 - Add missing connection hostname check against X.509 certificate name - Resolves: CVE-2012-5783...
Fedora Update for jakarta-commons-httpclient FEDORA-2013-1203
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for jakarta-commons-httpclient FEDORA-2013-1289
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...