The vulnerability of the Apache HttpClient client module of Apache HttpComponents (http/impl/client/HttpClientBuilder.java) allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Apache HttpClient client module of the Apache server http/impl/client/HttpClientBuilder.java is related to insufficient validation of input data X509HostnameVerifier. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity,...

CVE-2015-5262

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...

Updated jakarta-commons-httpclient and httpcomponents-client packages fixes security vulnerability

The Apache httpclient library had a bug where the socket timeout was ignored during the SSL handshake, causing threads in an application to hang CVE-2015-5262...

Oracle: Security Advisory (ELSA-2014-1146)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF15 Multiple Vulnerabilities

The version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF15. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in 'Apache Commons HttpClient' that allows a man-in-the-middle attacker to spoof SSL servers via a certificate with a subject...

Important: Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.0.0 security update

Red Hat JBoss Data Virtualization 6.0.0 2015 roll up patch 1, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

Important: Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.0.0 security update

Red Hat JBoss Fuse Service Works 6.0.0 roll up patch 4, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base score...

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.3 security update

Red Hat JBoss BRMS 6.0.3 roll up patch 2, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System...

SOL15737 - Apache vulnerability CVE-2014-3577

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

[ MDVSA-2014:170 ] jakarta-commons-httpclient

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:170 http://www.mandriva.com/en/support/security/ Package : jakarta-commons-httpclient Date : September 2, 2014 Affected: Business Server 1.0 Problem Description: Updated jakarta-commons-httpclient and...

Mandriva Linux Security Advisory : jakarta-commons-httpclient (MDVSA-2014:170)

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability : The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS wh...

CentOS Update for httpcomponents-client CESA-2014:1146 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

IBM WebSphere Portal 8.x < 8.0.0.1 CF13 Multiple Vulnerabilities

The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the HttpClient component of the Apache HttpComponents library. An attacker can exploit this issue by sending a Proxy-Authorization header to retriev...

CentOS 7 : httpcomponents-client (CESA-2014:1146)

Updated httpcomponents-client packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

RedHat Update for httpcomponents-client RHSA-2014:1146-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 7 : httpcomponents-client (ELSA-2014-1146)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-1146 advisory. 4.2.5-5 - Fix MITM security vulnerability - Resolves: CVE-2014-3577 Tenable has extracted the preceding description block directly from the Oracle Linux securit...

RHEL 7 : httpcomponents-client (RHSA-2014:1146)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1146 advisory. HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It was discovered that the HttpClient incorrectly...

httpcomponents-client security update

4.2.5-5 - Fix MITM security vulnerability - Resolves: CVE-2014-3577...

Fedora Update for httpcomponents-client FEDORA-2014-9617

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for httpcomponents-client FEDORA-2014-9629

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...