
Test ID: 1.3.6.1.4.1.25623.1.0.871237
Category: Red Hat Local Security Checks
Title: RedHat Update for httpcomponents-client RHSA-2014:1146-01
Summary: The remote host is missing an update for the 'httpcomponents-client' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'httpcomponents-client'
package(s) announced via the referenced advisory.

Vulnerability Insight:
HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on
httpcomponents HttpCore.

It was discovered that the HttpClient incorrectly extracted host name from
an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3577)

For additional information on this flaw, refer to the Knowledgebase
article in the References section.

All httpcomponents-client users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

Affected Software/OS:
httpcomponents-client on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2014-3577
BugTraq ID: 69258
http://www.securityfocus.com/bid/69258
http://seclists.org/fulldisclosure/2014/Aug/48
http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/10/06/1
http://www.osvdb.org/110143
RedHat Security Advisories: RHSA-2014:1146
http://rhn.redhat.com/errata/RHSA-2014-1146.html
RedHat Security Advisories: RHSA-2014:1166
http://rhn.redhat.com/errata/RHSA-2014-1166.html
RedHat Security Advisories: RHSA-2014:1833
http://rhn.redhat.com/errata/RHSA-2014-1833.html
RedHat Security Advisories: RHSA-2014:1834
http://rhn.redhat.com/errata/RHSA-2014-1834.html
RedHat Security Advisories: RHSA-2014:1835
http://rhn.redhat.com/errata/RHSA-2014-1835.html
RedHat Security Advisories: RHSA-2014:1836
http://rhn.redhat.com/errata/RHSA-2014-1836.html
RedHat Security Advisories: RHSA-2014:1891
http://rhn.redhat.com/errata/RHSA-2014-1891.html
RedHat Security Advisories: RHSA-2014:1892
http://rhn.redhat.com/errata/RHSA-2014-1892.html
RedHat Security Advisories: RHSA-2015:0125
http://rhn.redhat.com/errata/RHSA-2015-0125.html
RedHat Security Advisories: RHSA-2015:0158
http://rhn.redhat.com/errata/RHSA-2015-0158.html
RedHat Security Advisories: RHSA-2015:0675
http://rhn.redhat.com/errata/RHSA-2015-0675.html
RedHat Security Advisories: RHSA-2015:0720
http://rhn.redhat.com/errata/RHSA-2015-0720.html
RedHat Security Advisories: RHSA-2015:0765
http://rhn.redhat.com/errata/RHSA-2015-0765.html
RedHat Security Advisories: RHSA-2015:0850
http://rhn.redhat.com/errata/RHSA-2015-0850.html
RedHat Security Advisories: RHSA-2015:0851
http://rhn.redhat.com/errata/RHSA-2015-0851.html
RedHat Security Advisories: RHSA-2015:1176
http://rhn.redhat.com/errata/RHSA-2015-1176.html
RedHat Security Advisories: RHSA-2015:1177
http://rhn.redhat.com/errata/RHSA-2015-1177.html
RedHat Security Advisories: RHSA-2015:1888
http://rhn.redhat.com/errata/RHSA-2015-1888.html
RedHat Security Advisories: RHSA-2016:1773
http://rhn.redhat.com/errata/RHSA-2016-1773.html
RedHat Security Advisories: RHSA-2016:1931
http://rhn.redhat.com/errata/RHSA-2016-1931.html
http://www.securitytracker.com/id/1030812
http://secunia.com/advisories/60466
http://secunia.com/advisories/60589
http://secunia.com/advisories/60713
SuSE Security Announcement: openSUSE-SU-2020:1873
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html
SuSE Security Announcement: openSUSE-SU-2020:1875
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html
http://www.ubuntu.com/usn/USN-2769-1
XForce ISS Database: apache-cve20143577-spoofing(95327)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95327
Common Vulnerability Exposure (CVE) ID: CVE-2012-6153
BugTraq ID: 69257
http://www.securityfocus.com/bid/69257
RedHat Security Advisories: RHSA-2014:1098
http://rhn.redhat.com/errata/RHSA-2014-1098.html
Copyright: Copyright (C) 2014 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.