new packages: httpcomponents-core

An update is available for httpcomponents-core. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rock...

new packages: httpcomponents-client

An update is available for httpcomponents-client. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

maven:3.6 security and enhancement update

httpcomponents-client 4.5.10-4 - Fix incorrect handling of malformed authority component in request URIs - Resolves: CVE-2020-13956 maven 1:3.6.2-7 - Add maven-openjdk17 - Resolves: rhbz1991521...

maven:3.6 security and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.10.3 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...

RHEL 7 : rh-maven36-httpcomponents-client (RHSA-2022:0722)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0722 advisory. HttpClient is a HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It also provides reusable components for client-side...

Mageia: Security Advisory (MGASA-2021-0314)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2014-0348)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration...

Security Bulletin: Multiple security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (ISVG IMVA)

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection...

Security Bulletin: Multiple security vulnerabilities ( CVE-2012-6153, CVE-2014-3577, CVE-2011-1498, CVE-2015-5262 ) has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server vulnerabilities CVE-2012-6153, CVE-2014-3577, CVE-2011-1498, CVE-2015-5262 in the Apache Commons and Apache HttpComponents jars have...

Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance

Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities in Apache HttpComponents and HttpCommons that affect WebSphere Application Server Vulnerability Details CVEID: CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service...

Security Bulletin: IBM Tivoli Common Reporting: TCR, a part of IBM Jazz for Service Management (JazzSM) is affected with multiple vulnerabilities in Apache HttpComponents and HttpCommons

Summary There are multiple vulnerabilities in Apache HttpComponents and HttpCommons libraries which affect WebSphere Application Server. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by Multiple Vulnerabilities in Apache HttpComponents and HttpCommons

Summary There are multiple vulnerabilities in Apache HttpComponents and HttpCommons libraries which affect WebSphere Application Server. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Updated httpcomponents-client packages fix a security vulnerability

Priyank Nigam discovered that HttpComponents Client could misinterpret malformed authority component in a request URI and pick the wrong target host for request execution CVE-2020-13956...

MGASA-2021-0314 Updated httpcomponents-client packages fix a security vulnerability

Priyank Nigam discovered that HttpComponents Client could misinterpret malformed authority component in a request URI and pick the wrong target host for request execution CVE-2020-13956...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager versions 4.2.0, 4.1.1 and 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server which is shipped with IBM Tivoli Netcool Configuration Manager (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)

Summary Embedded IBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation.

Summary Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation. Vulnerability Details CVEID: CVE-2014-3577 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify...