139 matches found
CVE-2020-8028 salt-api is accessible to every user on SUSE Manager Server
An Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system...
Security Bulletin: CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name
Summary CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name Vulnerability Details CVEID: CVE-2014-3577 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing...
Security Bulletin: Vulnerability from Apache HttpComponents affects IBM Cloud Pak System (CVE-2011-1498, CVE-2015-5262)
Summary Multiple vulnerabilities have been identified in Apache HttpComponents shipped with IBM Cloud Pak System. Vulnerability Details CVEID: CVE-2011-1498 DESCRIPTION: Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the...
EulerOS 2.0 SP5 : jakarta-commons-httpclient (EulerOS-SA-2020-1109)
According to the version of the jakarta-commons-httpclient package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout...
Huawei EulerOS: Security Advisory for httpcomponents-client (EulerOS-SA-2019-2518)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP2 : httpcomponents-client (EulerOS-SA-2019-2518)
According to the version of the httpcomponents-client package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout...
Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities
Summary IBM Security Privileged Identity Manager has addressed the following security vulnerabilities. Vulnerability Details CVEID: CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery(strInput) function. A remot...
Security Bulletin: Public disclosed vulnerabilities from Apache HttpComponents affects IBM Spectrum LSF
Summary Public disclosed vulnerabilities from Apache HttpComponents affects IBM Spectrum LSF: CVE-2012-6153, CVE-2014-3577 Vulnerability Details Brief Description: Apache HttpComponents CN spoofing CVE-ID: CVE-2012-6153 Description: Apache HttpComponents could allow a remote attacker to conduct...
Security Bulletin: Public disclosed vulnerability from Apache HttpComponents affects IBM Spectrum LSF
Summary Public disclosed vulnerability from Apache HttpComponents affects IBM Spectrum LSF: CVE-2011-1498 Vulnerability Details Apache HttpComponents Client CVE-2011-1498 Affected version: HttpClient 4.x before 4.1.1 Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an...
Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpComponents HttpClient
Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2014-3577 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the...
Denial of service vulnerability in org.apache.httpcomponents:httpclient
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...
GHSA-FMJ5-WV96-R2CH Denial of service vulnerability in org.apache.httpcomponents:httpclient
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...
Security Bulletin: IBM Tivoli Netcool Impact is affected by open source vulnerabilities
Summary IBM Tivoli Netcool Impact has addressed the following open source vulnerabilities. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to...
Security Bulletin: Multiple vulnerability in Product IBM Tivoli Common Reporting (CVE-2015-7436,CVE-2015-7435,CVE-2012-6153,CVE-2014-3577,CVE-2015-7450,CVE-2015-4872)
Summary Fixes for Cognos Business Intelligence are provided as part of Tivoli Common Reporting (TCR) fixes. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos...
Security Bulletin: Apache HttpComponents vulnerable to spoofing attacks are affecting Case Manager Client (CVE-2012-6153, CVE-2014-3577)
Summary Apache HttpComponents that are vulnerable to spoofing attacks are affecting Case Manager Client. Vulnerability Details Apache HttpComponents that are being utilized by the Forms widget in Case Manager Client when you are working with IBM Forms are vulnerable to spoofing attacks. CVEID:...
Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2011-1498, CVE-2014-3577, CVE-2015-5262)
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2011-1498 DESCRIPTION: Apache HttpComponents could allow a remote attacker to obtain sensitive information, caused by an...
Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM InfoSphere Information Server (CVE-2012-6153 CVE-2014-3577)
Summary Apache HttpComponents vulnerabilities while verifying certificates were addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2012-6153 DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by an incomplete fix relat...
Security Bulletin: IBM Cognos Business Intelligence Server 2015Q4 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. CVE-2015-7436,CVE-2015-7435,CVE-2012-6153,CVE-2014-3577,CVE-2015-7450,CVE-2015-4872
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in October...
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.9
Summary Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server, IBM WebSphere Application Server Hypervisor, WebSphere Application Server Liberty Profile and IBM HTTP Server. Affected Products and Versions The following IBM WebSphere Application Server Version...
Security Bulletin: Apache HTTPComponents vulnerabilities in WebSphere Application Server (CVE-2012-6153, CVE-2014-3577)
Summary There are two vulnerabilities in Apache HTTPComponents that are used in IBM WebSphere Application Server. Although IBM WebSphere Application server is not vulnerable to these, other products or applications that use these libraries could be vulnerable. Vulnerability Details CVEID:...