[SECURITY] Fedora 40 Update: httpcomponents-client-4.5.14-8.fc40

HttpClient is a HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It also provides reusable components for client-side authentication, HTTP state management, and HTTP connection management. HttpComponents Client is a successor of and replacement for Commons HttpClient...

Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2012-6153, CVE-2014-3577, CVE-2020-13956)

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for VMware only, and IBM Storage Protect for Space Management can be affected by a vulnerability in Apache HttpComponents. The vulnerability can lead to spoofing attacks, bypass of...

Security Bulletin: Multiple Vulnerabilities in Apache HttpClient, HttpComponents and HttpCommons affect IBM Engineering Lifecycle Optimization - Publishing

Summary There are multiple vulnerabilities in Apache HttpClient, HttpComponents and HttpCommons libraries. This has been addressed. Vulnerability Details CVEID:CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection...

Security Bulletin: Vulnerabilities in IBM DB2 affects IBM Application Performance Management products.

Summary IBM DB2 is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2022-43929 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. CVSS Bas...

Security Bulletin: Multiple Vulnerabilities found in IBM DB2 which is shipped with IBM® Intelligent Operations Center(CVE-2022-43929, CVE-2022-43927, CVE-2014-3577, CVE-2022-43930)

Summary Multiple vulnerabilities have been identified in IBM DB2 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2023

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF022 and 22.0.2-IF006. Vulnerability Details CVEID:CVE-2022-43929 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 11.1 a...

Security Bulletin: Vulnerability for path traversal fixed in IBM Security Verify Governance

Summary The following security vulnerability has been addressed in IBM Security Verify Governance. Vulnerability Details IBM X-Force ID: 220912 DESCRIPTION: Apache HttpComponents Client could allow a remote attacker to traverse directories on the system, caused by improper validation of user...

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID:CVE-2022-41721 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, cause...

maven bug fix and enhancement update

An update is available for plexus-interpolation, httpcomponents-core, maven-wagon, maven, google-guice, jsoup, jansi, apache-commons-io, apache-commons-lang3, maven-shared-utils, plexus-utils, plexus-classworlds, jakarta-annotations, httpcomponents-client, apache-commons-codec, plexus-cipher,...

Security Bulletin: Security vulnerabilities have been identified in IBM DB2 used by IBM Security Verify Governance, Identity Manager software component

Summary Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Security Verify...

Amazon Linux 2 : httpcomponents-client (ALAS-2023-1946)

The version of httpcomponents-client installed on the remote host is prior to 4.2.5-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1946 advisory. Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in reques...

K15737: Apache vulnerability CVE-2014-3577

Security Advisory Description org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509...

Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a regular expression denial of servi...

Security Bulletin: IBM® Db2® Connect Server is vulnerable due to the use of Apache HttpComponents. (CVE-2014-3577)

Summary IBM® Db2® Connect Server is vulnerable due to the use of Apache HttpComponents. Vulnerability Details CVEID:CVE-2014-3577 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain...

Security Bulletin: Multiple Vulnerabilities in Java packages affect IBM Voice Gateway

Summary Security Vulnerabilities in Java packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2010-2245 DESCRIPTION: Apache Wink could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when...

Ubuntu: Security Advisory (USN-5239-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-20454 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML Extern...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Portal shipped with IBM Intelligent Operations Center and related products (CVE-2015-5262)

Summary IBM WebSphere Portal is shipped as a component of IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM WebSphere Portal has been published in a security bulletin. Vulnerability Details Consult the security bulletin: Fixes available for Security...

USN-5239-1: HttpClient vulnerability

It was discovered that HttpClient mishandled certain input. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code...

CentOS 8 : maven:3.6 (CESA-2022:4797)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:4797 advisory. - maven-shared-utils: Command injection via Commandline class CVE-2022-29599 Note that Nessus has not tested for this issue but has instead relied only on the...