5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
wagon-http-shared4 is vulnerable to man-in-the-middle attack. The SSL certificate checks are not enabled by default which would allow remote attackers to spoof the server and perform a man-in-the-middle attack.
CPE | Name | Operator | Version |
---|---|---|---|
jenkins | eq | 1.488__2.el6op | |
jenkins | eq | 1.502__1.el6op | |
jenkins | eq | 1.498__1.1.el6op |
rhn.redhat.com/errata/RHSA-2013-0700.html
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=917084
lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
maven.apache.org/security.html
rhn.redhat.com/errata/RHSA-2013-0700.html