ID CVE-2014-3577
Summary org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:httpclient:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.1:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.1:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.1:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.2:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.2:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpasyncclient:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpasyncclient:4.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpasyncclient:4.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpasyncclient:4.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpasyncclient:4.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpasyncclient:4.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpasyncclient:4.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpasyncclient:4.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpasyncclient:4.0.1:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 07-10-2021 - 00:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector NETWORK
  Complexity MEDIUM
  Authentication NONE
Impact
  Confidentiality PARTIAL
  Integrity PARTIAL
  Availability NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
redhat via4
advisories
  • bugzilla
    id 1129074
    title CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment httpcomponents-client is earlier than 0:4.2.5-5.el7_0
            oval oval:com.redhat.rhsa:tst:20141146001
          • comment httpcomponents-client is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141146002
        • AND
          • comment httpcomponents-client-javadoc is earlier than 0:4.2.5-5.el7_0
            oval oval:com.redhat.rhsa:tst:20141146003
          • comment httpcomponents-client-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141146004
    rhsa
    id RHSA-2014:1146
    released 2014-09-03
    severity Important
    title RHSA-2014:1146: httpcomponents-client security update (Important)
  • bugzilla
    id 1129074
    title CVE-2014-3577 Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment jakarta-commons-httpclient is earlier than 1:3.0-7jpp.4.el5_10
            oval oval:com.redhat.rhsa:tst:20141166001
          • comment jakarta-commons-httpclient is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130270011
        • AND
          • comment jakarta-commons-httpclient-demo is earlier than 1:3.0-7jpp.4.el5_10
            oval oval:com.redhat.rhsa:tst:20141166003
          • comment jakarta-commons-httpclient-demo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130270013
        • AND
          • comment jakarta-commons-httpclient-javadoc is earlier than 1:3.0-7jpp.4.el5_10
            oval oval:com.redhat.rhsa:tst:20141166005
          • comment jakarta-commons-httpclient-javadoc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130270015
        • AND
          • comment jakarta-commons-httpclient-manual is earlier than 1:3.0-7jpp.4.el5_10
            oval oval:com.redhat.rhsa:tst:20141166007
          • comment jakarta-commons-httpclient-manual is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130270017
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment jakarta-commons-httpclient is earlier than 1:3.1-0.9.el6_5
            oval oval:com.redhat.rhsa:tst:20141166010
          • comment jakarta-commons-httpclient is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20130270002
        • AND
          • comment jakarta-commons-httpclient-demo is earlier than 1:3.1-0.9.el6_5
            oval oval:com.redhat.rhsa:tst:20141166012
          • comment jakarta-commons-httpclient-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20130270004
        • AND
          • comment jakarta-commons-httpclient-javadoc is earlier than 1:3.1-0.9.el6_5
            oval oval:com.redhat.rhsa:tst:20141166014
          • comment jakarta-commons-httpclient-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20130270006
        • AND
          • comment jakarta-commons-httpclient-manual is earlier than 1:3.1-0.9.el6_5
            oval oval:com.redhat.rhsa:tst:20141166016
          • comment jakarta-commons-httpclient-manual is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20130270008
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment jakarta-commons-httpclient is earlier than 1:3.1-16.el7_0
            oval oval:com.redhat.rhsa:tst:20141166019
          • comment jakarta-commons-httpclient is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20130270002
        • AND
          • comment jakarta-commons-httpclient-demo is earlier than 1:3.1-16.el7_0
            oval oval:com.redhat.rhsa:tst:20141166020
          • comment jakarta-commons-httpclient-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20130270004
        • AND
          • comment jakarta-commons-httpclient-javadoc is earlier than 1:3.1-16.el7_0
            oval oval:com.redhat.rhsa:tst:20141166021
          • comment jakarta-commons-httpclient-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20130270006
        • AND
          • comment jakarta-commons-httpclient-manual is earlier than 1:3.1-16.el7_0
            oval oval:com.redhat.rhsa:tst:20141166022
          • comment jakarta-commons-httpclient-manual is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20130270008
    rhsa
    id RHSA-2014:1166
    released 2014-09-08
    severity Important
    title RHSA-2014:1166: jakarta-commons-httpclient security update (Important)
  • rhsa
    id RHSA-2014:1833
  • rhsa
    id RHSA-2014:1834
  • rhsa
    id RHSA-2014:1835
  • rhsa
    id RHSA-2014:1836
  • rhsa
    id RHSA-2014:1891
  • rhsa
    id RHSA-2014:1892
  • rhsa
    id RHSA-2015:0125
  • rhsa
    id RHSA-2015:0158
  • rhsa
    id RHSA-2015:0675
  • rhsa
    id RHSA-2015:0720
  • rhsa
    id RHSA-2015:0765
  • rhsa
    id RHSA-2015:0850
  • rhsa
    id RHSA-2015:0851
  • rhsa
    id RHSA-2015:1176
  • rhsa
    id RHSA-2015:1177
  • rhsa
    id RHSA-2015:1888
  • rhsa
    id RHSA-2016:1773
  • rhsa
    id RHSA-2016:1931
rpms
  • thermostat1-httpcomponents-client-0:4.2.5-3.4.el6.1
  • thermostat1-httpcomponents-client-javadoc-0:4.2.5-3.4.el6.1
  • httpcomponents-client-0:4.2.5-5.el7_0
  • httpcomponents-client-javadoc-0:4.2.5-5.el7_0
  • httpclient-eap6-0:4.2.1-12.redhat_2.1.ep6.el5
  • httpclient-eap6-0:4.2.1-12.redhat_2.1.ep6.el6
  • httpclient-eap6-0:4.2.1-12.redhat_2.1.ep6.el7
  • httpcomponents-client-eap6-0:4.2.1-12.redhat_2.1.ep6.el5
  • httpcomponents-client-eap6-0:4.2.1-12.redhat_2.1.ep6.el6
  • httpcomponents-client-eap6-0:4.2.1-12.redhat_2.1.ep6.el7
  • httpcomponents-core-eap6-0:4.2.1-12.redhat_2.1.ep6.el5
  • httpcomponents-core-eap6-0:4.2.1-12.redhat_2.1.ep6.el6
  • httpcomponents-core-eap6-0:4.2.1-12.redhat_2.1.ep6.el7
  • httpcomponents-project-eap6-0:6-12.redhat_2.1.ep6.el5
  • httpcomponents-project-eap6-0:6-12.redhat_2.1.ep6.el6
  • httpcomponents-project-eap6-0:6-12.redhat_2.1.ep6.el7
  • httpcore-eap6-0:4.2.1-12.redhat_2.1.ep6.el5
  • httpcore-eap6-0:4.2.1-12.redhat_2.1.ep6.el6
  • httpcore-eap6-0:4.2.1-12.redhat_2.1.ep6.el7
  • httpmime-eap6-0:4.2.1-12.redhat_2.1.ep6.el5
  • httpmime-eap6-0:4.2.1-12.redhat_2.1.ep6.el6
  • httpmime-eap6-0:4.2.1-12.redhat_2.1.ep6.el7
  • jakarta-commons-httpclient-1:3.0-7jpp.4.el5_10
  • jakarta-commons-httpclient-1:3.1-0.9.el6_5
  • jakarta-commons-httpclient-1:3.1-16.el7_0
  • jakarta-commons-httpclient-debuginfo-1:3.0-7jpp.4.el5_10
  • jakarta-commons-httpclient-debuginfo-1:3.1-0.9.el6_5
  • jakarta-commons-httpclient-demo-1:3.0-7jpp.4.el5_10
  • jakarta-commons-httpclient-demo-1:3.1-0.9.el6_5
  • jakarta-commons-httpclient-demo-1:3.1-16.el7_0
  • jakarta-commons-httpclient-javadoc-1:3.0-7jpp.4.el5_10
  • jakarta-commons-httpclient-javadoc-1:3.1-0.9.el6_5
  • jakarta-commons-httpclient-javadoc-1:3.1-16.el7_0
  • jakarta-commons-httpclient-manual-1:3.0-7jpp.4.el5_10
  • jakarta-commons-httpclient-manual-1:3.1-0.9.el6_5
  • jakarta-commons-httpclient-manual-1:3.1-16.el7_0
  • jakarta-commons-httpclient-1:3.1-4_patch_02.el6_5
  • jakarta-commons-httpclient-1:3.1-4_patch_02.ep5.el4
  • jakarta-commons-httpclient-1:3.1-4_patch_02.ep5.el5
  • jboss-seam2-0:2.2.6.EAP5-22_patch_01.el6
  • jboss-seam2-0:2.2.6.EAP5-22_patch_01.ep5.el4
  • jboss-seam2-0:2.2.6.EAP5-22_patch_01.ep5.el5
  • jboss-seam2-docs-0:2.2.6.EAP5-22_patch_01.el6
  • jboss-seam2-docs-0:2.2.6.EAP5-22_patch_01.ep5.el4
  • jboss-seam2-docs-0:2.2.6.EAP5-22_patch_01.ep5.el5
  • jboss-seam2-examples-0:2.2.6.EAP5-22_patch_01.el6
  • jboss-seam2-examples-0:2.2.6.EAP5-22_patch_01.ep5.el4
  • jboss-seam2-examples-0:2.2.6.EAP5-22_patch_01.ep5.el5
  • jboss-seam2-runtime-0:2.2.6.EAP5-22_patch_01.el6
  • jboss-seam2-runtime-0:2.2.6.EAP5-22_patch_01.ep5.el4
  • jboss-seam2-runtime-0:2.2.6.EAP5-22_patch_01.ep5.el5
  • apache-cxf-0:2.2.12-14.patch_09.el6
  • apache-cxf-0:2.2.12-14.patch_09.ep5.el4
  • apache-cxf-0:2.2.12-14.patch_09.ep5.el5
  • apache-cxf-0:2.7.12-1.SP1_redhat_5.1.ep6.el5
  • apache-cxf-0:2.7.12-1.SP1_redhat_5.1.ep6.el6
  • apache-cxf-0:2.7.12-1.SP1_redhat_5.1.ep6.el7
  • wss4j-0:1.6.16-2.redhat_3.1.ep6.el5
  • wss4j-0:1.6.16-2.redhat_3.1.ep6.el6
  • wss4j-0:1.6.16-2.redhat_3.1.ep6.el7
  • rhevm-0:3.5.0-0.29.el6ev
  • rhevm-backend-0:3.5.0-0.29.el6ev
  • rhevm-dbscripts-0:3.5.0-0.29.el6ev
  • rhevm-extensions-api-impl-0:3.5.0-0.29.el6ev
  • rhevm-extensions-api-impl-javadoc-0:3.5.0-0.29.el6ev
  • rhevm-lib-0:3.5.0-0.29.el6ev
  • rhevm-restapi-0:3.5.0-0.29.el6ev
  • rhevm-setup-0:3.5.0-0.29.el6ev
  • rhevm-setup-base-0:3.5.0-0.29.el6ev
  • rhevm-setup-plugin-allinone-0:3.5.0-0.29.el6ev
  • rhevm-setup-plugin-ovirt-engine-0:3.5.0-0.29.el6ev
  • rhevm-setup-plugin-ovirt-engine-common-0:3.5.0-0.29.el6ev
  • rhevm-setup-plugin-websocket-proxy-0:3.5.0-0.29.el6ev
  • rhevm-tools-0:3.5.0-0.29.el6ev
  • rhevm-userportal-0:3.5.0-0.29.el6ev
  • rhevm-webadmin-portal-0:3.5.0-0.29.el6ev
  • rhevm-websocket-proxy-0:3.5.0-0.29.el6ev
  • ImageMagick-debuginfo-0:6.7.2.7-5.el6_8
  • ImageMagick-devel-0:6.7.2.7-5.el6_8
  • ImageMagick-doc-0:6.7.2.7-5.el6_8
  • ImageMagick-perl-0:6.7.2.7-5.el6_8
  • activemq-0:5.9.0-6.redhat.611463.el6op
  • activemq-client-0:5.9.0-6.redhat.611463.el6op
  • jenkins-0:1.651.2-1.el6op
  • libcgroup-debuginfo-0:0.40.rc1-18.el6_8
  • libcgroup-pam-0:0.40.rc1-18.el6_8
  • openshift-origin-broker-0:1.16.3.2-1.el6op
  • openshift-origin-broker-util-0:1.37.6.2-1.el6op
  • openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op
  • openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op
  • openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op
  • openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op
  • openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op
  • openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op
  • openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op
  • openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op
  • openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op
  • openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op
  • openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op
  • openshift-origin-cartridge-php-0:1.35.4.2-1.el6op
  • openshift-origin-cartridge-python-0:1.34.3.2-1.el6op
  • openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op
  • openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op
  • openshift-origin-node-proxy-0:1.26.3.1-1.el6op
  • openshift-origin-node-util-0:1.38.7.1-1.el6op
  • rhc-0:1.38.7.1-1.el6op
  • rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op
  • rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op
  • rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op
  • rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op
  • rubygem-openshift-origin-node-0:1.38.6.4-1.el6op
  • rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op
refmap via4
bid 69258
confirm
fulldisc 20140818 CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack
misc http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html
mlist
  • [cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html
  • [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html
  • [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html
  • [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html
  • [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
  • [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
  • [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
osvdb 110143
sectrack 1030812
secunia
  • 60466
  • 60589
  • 60713
suse
  • openSUSE-SU-2020:1873
  • openSUSE-SU-2020:1875
ubuntu USN-2769-1
xf apache-cve20143577-spoofing(95327)
Last major update 07-10-2021 - 00:15
Published 21-08-2014 - 14:55
Last modified 07-10-2021 - 00:15