exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

bind:"BDU:2024-08705" OR bind:"CVE-2014-3577"

exploitDog

bind:"BDU:2024-08705" OR bind:"CVE-2014-3577"

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 13

Количество 13

BDU:2024-08705

около 11 лет назад

Уязвимость клиентского модуля Apache HttpClient средства Apache HttpComponents, позволяющая нарушителю подменить SSL-серверы

CVSS3: 6.5

EPSS: Низкий

CVE-2014-3577

около 11 лет назад

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

CVSS2: 5.8

EPSS: Низкий

CVE-2014-3577

около 11 лет назад

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

CVSS3: 4.8

EPSS: Низкий

CVE-2014-3577

около 11 лет назад

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

CVSS2: 5.8

EPSS: Низкий

CVE-2014-3577

около 11 лет назад

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents Htt ...

CVSS2: 5.8

EPSS: Низкий

GHSA-cfh5-3ghh-wfjx

почти 7 лет назад

Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient

EPSS: Низкий

ELSA-2014-1166

почти 11 лет назад

ELSA-2014-1166: jakarta-commons-httpclient security update (IMPORTANT)

EPSS: Низкий

ELSA-2014-1146

почти 11 лет назад

ELSA-2014-1146: httpcomponents-client security update (IMPORTANT)

EPSS: Низкий

openSUSE-SU-2020:1875-1

почти 5 лет назад

Security update for apache-commons-httpclient

EPSS: Низкий

openSUSE-SU-2020:1873-1

почти 5 лет назад

Security update for apache-commons-httpclient

EPSS: Низкий

SUSE-SU-2020:3152-1

почти 5 лет назад

Security update for apache-commons-httpclient

EPSS: Низкий

SUSE-SU-2020:3151-1

почти 5 лет назад

Security update for apache-commons-httpclient

EPSS: Низкий

SUSE-SU-2020:3149-1

почти 5 лет назад

Security update for apache-commons-httpclient

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	BDU:2024-08705 Уязвимость клиентского модуля Apache HttpClient средства Apache HttpComponents, позволяющая нарушителю подменить SSL-серверы	CVSS3: 6.5	1% Низкий	около 11 лет назад
	CVE-2014-3577 org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.	CVSS2: 5.8	1% Низкий	около 11 лет назад
	CVE-2014-3577 org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.	CVSS3: 4.8	1% Низкий	около 11 лет назад
	CVE-2014-3577 org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.	CVSS2: 5.8	1% Низкий	около 11 лет назад
	CVE-2014-3577 org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents Htt ...	CVSS2: 5.8	1% Низкий	около 11 лет назад
	GHSA-cfh5-3ghh-wfjx Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient		1% Низкий	почти 7 лет назад
	ELSA-2014-1166 ELSA-2014-1166: jakarta-commons-httpclient security update (IMPORTANT)			почти 11 лет назад
	ELSA-2014-1146 ELSA-2014-1146: httpcomponents-client security update (IMPORTANT)			почти 11 лет назад
	openSUSE-SU-2020:1875-1 Security update for apache-commons-httpclient			почти 5 лет назад
	openSUSE-SU-2020:1873-1 Security update for apache-commons-httpclient			почти 5 лет назад
	SUSE-SU-2020:3152-1 Security update for apache-commons-httpclient			почти 5 лет назад
	SUSE-SU-2020:3151-1 Security update for apache-commons-httpclient			почти 5 лет назад
	SUSE-SU-2020:3149-1 Security update for apache-commons-httpclient			почти 5 лет назад

Уязвимостей на страницу