Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0212)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2015.0212

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2015-0212)

Zusammenfassung: The remote host is missing an update for the 'async-http-client' package(s) announced via the MGASA-2015-0212 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'async-http-client' package(s) announced via the MGASA-2015-0212 advisory.

Vulnerability Insight:
Updated async-http-client packages fix security vulnerabilities:

It was found that async-http-client would disable SSL/TLS certificate
verification under certain conditions, for example if HTTPS communication also
uses client certificates. This can be exploited by a Man-in-the-middle (MITM)
attack where the attacker can spoof a valid certificate (CVE-2013-7397).

It was found that async-http-client did not verify that the server hostname
matched the domain name in the subject's Common Name (CN) or subjectAltName
field in X.509 certificates. This could allow a man-in-the-middle attacker to
spoof an SSL server if they had a certificate that was valid for any domain
name (CVE-2013-7398).

Affected Software/OS:
'async-http-client' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-7397
BugTraq ID: 69316
http://www.securityfocus.com/bid/69316
http://openwall.com/lists/oss-security/2014/08/26/1
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
RedHat Security Advisories: RHSA-2015:0850
http://rhn.redhat.com/errata/RHSA-2015-0850.html
RedHat Security Advisories: RHSA-2015:0851
http://rhn.redhat.com/errata/RHSA-2015-0851.html
RedHat Security Advisories: RHSA-2015:1176
http://rhn.redhat.com/errata/RHSA-2015-1176.html
RedHat Security Advisories: RHSA-2015:1551
http://rhn.redhat.com/errata/RHSA-2015-1551.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-7398
BugTraq ID: 69317
http://www.securityfocus.com/bid/69317

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2015.0212
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2015-0212)
Zusammenfassung:	The remote host is missing an update for the 'async-http-client' package(s) announced via the MGASA-2015-0212 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'async-http-client' package(s) announced via the MGASA-2015-0212 advisory. Vulnerability Insight: Updated async-http-client packages fix security vulnerabilities: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also uses client certificates. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can spoof a valid certificate (CVE-2013-7397). It was found that async-http-client did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name (CVE-2013-7398). Affected Software/OS: 'async-http-client' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-7397 BugTraq ID: 69316 http://www.securityfocus.com/bid/69316 http://openwall.com/lists/oss-security/2014/08/26/1 https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E RedHat Security Advisories: RHSA-2015:0850 http://rhn.redhat.com/errata/RHSA-2015-0850.html RedHat Security Advisories: RHSA-2015:0851 http://rhn.redhat.com/errata/RHSA-2015-0851.html RedHat Security Advisories: RHSA-2015:1176 http://rhn.redhat.com/errata/RHSA-2015-1176.html RedHat Security Advisories: RHSA-2015:1551 http://rhn.redhat.com/errata/RHSA-2015-1551.html Common Vulnerability Exposure (CVE) ID: CVE-2013-7398 BugTraq ID: 69317 http://www.securityfocus.com/bid/69317
Copyright	Copyright (C) 2022 Greenbone AG