Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871238
Category:Red Hat Local Security Checks
Title:RedHat Update for jakarta-commons-httpclient RHSA-2014:1166-01
Summary:The remote host is missing an update for the 'jakarta-commons-httpclient'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'jakarta-commons-httpclient'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Jakarta Commons HTTPClient implements the client side of HTTP standards.

It was discovered that the HTTPClient incorrectly extracted host name from
an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3577)

For additional information on this flaw, refer to the Knowledgebase
article in the References section.

All jakarta-commons-httpclient users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at


1129074 - CVE-2014-3577 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
jakarta-commons-httpclient-3.0-7jpp.4.el5_10.src.rpm

i386:
jakarta-commons-httpclient-3.0-7jpp.4.el5_10.i386.rpm
jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_10.i386.rpm

x86_64:
jakarta-commons-httpclient-3.0-7jpp.4.el5_10.x86_64.rpm
jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop Workstation (v. 5 client):

Source:
jakarta-commons-httpclient-3.0-7jpp.4.el5_10.src.rpm

i386:
jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_10.i386.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.4.el5_10.i386.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.4.el5_10.i386.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.4.el5_10.i386.rpm

x86_64:
jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_10.x86_64.rpm
jakarta-commons-httpclient-demo-3.0-7jpp.4.el5_10.x86_64.rpm
jakarta-commons-httpclient-javadoc-3.0-7jpp.4.el5_10.x86_64.rpm
jakarta-commons-httpclient-manual-3.0-7jpp.4.el5_10.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
jakarta-commons-httpclient-3.0-7jpp.4.el5_10.src.rpm

i386:
jakarta-commons-httpclient-3.0-7jpp.4.el5_10.i386.rpm
jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_ ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
jakarta-commons-httpclient on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-3577
BugTraq ID: 69258
http://www.securityfocus.com/bid/69258
http://seclists.org/fulldisclosure/2014/Aug/48
http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
http://www.osvdb.org/110143
RedHat Security Advisories: RHSA-2014:1146
http://rhn.redhat.com/errata/RHSA-2014-1146.html
RedHat Security Advisories: RHSA-2014:1166
http://rhn.redhat.com/errata/RHSA-2014-1166.html
RedHat Security Advisories: RHSA-2014:1833
http://rhn.redhat.com/errata/RHSA-2014-1833.html
RedHat Security Advisories: RHSA-2014:1834
http://rhn.redhat.com/errata/RHSA-2014-1834.html
RedHat Security Advisories: RHSA-2014:1835
http://rhn.redhat.com/errata/RHSA-2014-1835.html
RedHat Security Advisories: RHSA-2014:1836
http://rhn.redhat.com/errata/RHSA-2014-1836.html
RedHat Security Advisories: RHSA-2014:1891
http://rhn.redhat.com/errata/RHSA-2014-1891.html
RedHat Security Advisories: RHSA-2014:1892
http://rhn.redhat.com/errata/RHSA-2014-1892.html
RedHat Security Advisories: RHSA-2015:0125
http://rhn.redhat.com/errata/RHSA-2015-0125.html
RedHat Security Advisories: RHSA-2015:0158
http://rhn.redhat.com/errata/RHSA-2015-0158.html
RedHat Security Advisories: RHSA-2015:0675
http://rhn.redhat.com/errata/RHSA-2015-0675.html
RedHat Security Advisories: RHSA-2015:0720
http://rhn.redhat.com/errata/RHSA-2015-0720.html
RedHat Security Advisories: RHSA-2015:0765
http://rhn.redhat.com/errata/RHSA-2015-0765.html
RedHat Security Advisories: RHSA-2015:0850
http://rhn.redhat.com/errata/RHSA-2015-0850.html
RedHat Security Advisories: RHSA-2015:0851
http://rhn.redhat.com/errata/RHSA-2015-0851.html
RedHat Security Advisories: RHSA-2015:1176
http://rhn.redhat.com/errata/RHSA-2015-1176.html
RedHat Security Advisories: RHSA-2015:1177
http://rhn.redhat.com/errata/RHSA-2015-1177.html
RedHat Security Advisories: RHSA-2015:1888
http://rhn.redhat.com/errata/RHSA-2015-1888.html
RedHat Security Advisories: RHSA-2016:1773
http://rhn.redhat.com/errata/RHSA-2016-1773.html
RedHat Security Advisories: RHSA-2016:1931
http://rhn.redhat.com/errata/RHSA-2016-1931.html
http://www.securitytracker.com/id/1030812
http://secunia.com/advisories/60466
http://secunia.com/advisories/60589
http://secunia.com/advisories/60713
SuSE Security Announcement: openSUSE-SU-2020:1873 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html
SuSE Security Announcement: openSUSE-SU-2020:1875 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html
http://www.ubuntu.com/usn/USN-2769-1
XForce ISS Database: apache-cve20143577-spoofing(95327)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95327
Common Vulnerability Exposure (CVE) ID: CVE-2012-6153
BugTraq ID: 69257
http://www.securityfocus.com/bid/69257
RedHat Security Advisories: RHSA-2014:1098
http://rhn.redhat.com/errata/RHSA-2014-1098.html
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.