| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-3577 | 5.8 |
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName fi
|
27-10-2023 - 15:15 | 21-08-2014 - 14:55 | |
| CVE-2014-0364 | 5.0 |
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.
|
23-02-2021 - 16:13 | 30-04-2014 - 10:49 | |
| CVE-2014-0363 | 5.8 |
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and o
|
23-02-2021 - 16:12 | 30-04-2014 - 10:49 | |
| CVE-2013-7398 | 4.3 |
main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof
|
16-12-2020 - 06:15 | 24-06-2015 - 16:59 | |
| CVE-2013-7397 | 4.3 |
Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presen
|
16-12-2020 - 06:15 | 24-06-2015 - 16:59 | |
| CVE-2015-0226 | 5.0 |
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via
|
23-07-2019 - 23:15 | 30-10-2017 - 14:29 | |
| CVE-2015-0227 | 5.0 |
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."
|
04-10-2018 - 10:29 | 12-02-2015 - 16:59 | |
| CVE-2015-1796 | 4.3 |
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an en
|
30-11-2016 - 02:59 | 08-07-2015 - 15:59 | |
| CVE-2014-5075 | 6.8 |
The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,
|
28-11-2016 - 19:12 | 25-10-2014 - 21:55 | |
| CVE-2014-8175 | 6.0 |
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
|
09-07-2015 - 15:44 | 08-07-2015 - 15:59 |