ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0348
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0348)
Resumen:	The remote host is missing an update for the 'httpcomponents-client, jakarta-commons-httpclient' package(s) announced via the MGASA-2014-0348 advisory.
Descripción:	Summary: The remote host is missing an update for the 'httpcomponents-client, jakarta-commons-httpclient' package(s) announced via the MGASA-2014-0348 advisory. Vulnerability Insight: Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities: The Jakarta Commons HttpClient component may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used (CVE-2012-6153). The Apache httpcomponents HttpClient component may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used (CVE-2014-3577). Affected Software/OS: 'httpcomponents-client, jakarta-commons-httpclient' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6153 BugTraq ID: 69257 http://www.securityfocus.com/bid/69257 RedHat Security Advisories: RHSA-2014:1098 http://rhn.redhat.com/errata/RHSA-2014-1098.html RedHat Security Advisories: RHSA-2014:1833 http://rhn.redhat.com/errata/RHSA-2014-1833.html RedHat Security Advisories: RHSA-2014:1834 http://rhn.redhat.com/errata/RHSA-2014-1834.html RedHat Security Advisories: RHSA-2014:1835 http://rhn.redhat.com/errata/RHSA-2014-1835.html RedHat Security Advisories: RHSA-2014:1836 http://rhn.redhat.com/errata/RHSA-2014-1836.html RedHat Security Advisories: RHSA-2014:1891 http://rhn.redhat.com/errata/RHSA-2014-1891.html RedHat Security Advisories: RHSA-2014:1892 http://rhn.redhat.com/errata/RHSA-2014-1892.html RedHat Security Advisories: RHSA-2015:0125 http://rhn.redhat.com/errata/RHSA-2015-0125.html RedHat Security Advisories: RHSA-2015:0158 http://rhn.redhat.com/errata/RHSA-2015-0158.html RedHat Security Advisories: RHSA-2015:0675 http://rhn.redhat.com/errata/RHSA-2015-0675.html RedHat Security Advisories: RHSA-2015:0720 http://rhn.redhat.com/errata/RHSA-2015-0720.html RedHat Security Advisories: RHSA-2015:0765 http://rhn.redhat.com/errata/RHSA-2015-0765.html RedHat Security Advisories: RHSA-2015:0850 http://rhn.redhat.com/errata/RHSA-2015-0850.html RedHat Security Advisories: RHSA-2015:0851 http://rhn.redhat.com/errata/RHSA-2015-0851.html RedHat Security Advisories: RHSA-2015:1888 http://rhn.redhat.com/errata/RHSA-2015-1888.html http://www.ubuntu.com/usn/USN-2769-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3577 BugTraq ID: 69258 http://www.securityfocus.com/bid/69258 http://seclists.org/fulldisclosure/2014/Aug/48 http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E http://www.openwall.com/lists/oss-security/2021/10/06/1 http://www.osvdb.org/110143 RedHat Security Advisories: RHSA-2014:1146 http://rhn.redhat.com/errata/RHSA-2014-1146.html RedHat Security Advisories: RHSA-2014:1166 http://rhn.redhat.com/errata/RHSA-2014-1166.html RedHat Security Advisories: RHSA-2015:1176 http://rhn.redhat.com/errata/RHSA-2015-1176.html RedHat Security Advisories: RHSA-2015:1177 http://rhn.redhat.com/errata/RHSA-2015-1177.html RedHat Security Advisories: RHSA-2016:1773 http://rhn.redhat.com/errata/RHSA-2016-1773.html RedHat Security Advisories: RHSA-2016:1931 http://rhn.redhat.com/errata/RHSA-2016-1931.html http://www.securitytracker.com/id/1030812 http://secunia.com/advisories/60466 http://secunia.com/advisories/60589 http://secunia.com/advisories/60713 SuSE Security Announcement: openSUSE-SU-2020:1873 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html SuSE Security Announcement: openSUSE-SU-2020:1875 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html XForce ISS Database: apache-cve20143577-spoofing(95327) https://exchange.xforce.ibmcloud.com/vulnerabilities/95327
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.