Download
| Alert*
|
oval:org.secpod.oval:def:203198
jakarta-commons-httpclient is installed oval:org.secpod.oval:def:1506172 apache-commons-collections apache-commons-net [3.6-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [3.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [3.6-1] - Update to upstream version 3.6 jss [4.9.4-1] - Rebase to JSS 4.9.4 - Bug 2013674 - JSS canno ... oval:org.secpod.oval:def:507274 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * pki-core: access to external entities when parsing XML can lead to XXE For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other ... oval:org.secpod.oval:def:2501016 The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System. oval:org.secpod.oval:def:73606 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class For more details about the security issue, including the impact, a CVSS score, acknowledgm ... oval:org.secpod.oval:def:1505209 apache-commons-collections jss [4.8.1-2] - Bug 1932803 - HSM + FIPS: CMCRequest with a shared secret resulting in error [4.8.1-1] - Rebase to upstream JSS v4.8.1 - Red Hat Bugilla #1908541 - jss broke SCEP - missing PasswordChallenge class - Red Hat Bugilla #1489256 - [RFE] jss should support RSA wi ... oval:org.secpod.oval:def:2500485 The Public Key Infrastructure Core contains fundamental packages required by AlmaLinux Certificate System. oval:org.secpod.oval:def:1505303 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1600228 The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject"s Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any ... oval:org.secpod.oval:def:202554 The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications . The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject"s Common Name or subjectAltName field in X.509 certificates. This could allow a man- ... oval:org.secpod.oval:def:500974 The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications . The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject"s Common Name or subjectAltName field in X.509 certificates. This could allow a man- ... oval:org.secpod.oval:def:1500097 Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severit ... oval:org.secpod.oval:def:1500052 Updated jakarta-commons-httpclient packages that fix one security issue arenow available for Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity ... oval:org.secpod.oval:def:107433 The Hyper-Text Transfer Protocol is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of applications ... oval:org.secpod.oval:def:1600140 Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject"s Common Name or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to ... oval:org.secpod.oval:def:501380 Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject"s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.50 ... oval:org.secpod.oval:def:203420 Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject"s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.5 ... oval:org.secpod.oval:def:203423 Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject"s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.5 ... oval:org.secpod.oval:def:109571 The Hyper-Text Transfer Protocol is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of application ... oval:org.secpod.oval:def:109554 The Hyper-Text Transfer Protocol is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of application ... oval:org.secpod.oval:def:1500703 Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity r ... oval:org.secpod.oval:def:107402 The Hyper-Text Transfer Protocol is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of applications ... oval:org.secpod.oval:def:1500709 Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity r ... oval:org.secpod.oval:def:203417 Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject"s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.5 ... oval:org.secpod.oval:def:1500710 Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity r ... oval:org.secpod.oval:def:2501013 The Public Key Infrastructure Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System. oval:org.secpod.oval:def:2500199 The Public Key Infrastructure Core contains fundamental packages required by AlmaLinux Certificate System. oval:org.secpod.oval:def:68019 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * jquery: Cross-site scripting via cross-domain ajax requests * bootstrap: XSS in the data-target attribute * bootstrap: Cross-site Scripting in the collapse data-parent attribu ... oval:org.secpod.oval:def:504689 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * jquery: Cross-site scripting via cross-domain ajax requests * bootstrap: XSS in the data-target attribute * bootstrap: Cross-site Scripting in the collapse data-parent attribu ... oval:org.secpod.oval:def:2500205 The Public Key Infrastructure Core contains fundamental packages required by AlmaLinux Certificate System. oval:org.secpod.oval:def:1505309 The advisory is missing the security advisory description. For more information please visit the reference link |
