Test Kennung:	1.3.6.1.4.1.25623.1.0.842488
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu Update for commons-httpclient USN-2769-1
Zusammenfassung:	The remote host is missing an update for the 'commons-httpclient'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'commons-httpclient' package(s) announced via the referenced advisory. Vulnerability Insight: It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5783) Florian Weimer discovered the fix for CVE-2012-5783 was incomplete for Apache Commons HttpClient. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-6153) Subodh Iyengar and Will Shackleton discovered the fix for CVE-2012-5783 was incomplete for Apache Commons HttpClient. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3577) It was discovered that Apache Commons HttpClient did not properly handle read timeouts during HTTPS handshakes. A remote attacker could trigger this flaw to cause a denial of service. (CVE-2015-5262) Affected Software/OS: commons-httpclient on Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5783 BugTraq ID: 58073 http://www.securityfocus.com/bid/58073 http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf RedHat Security Advisories: RHSA-2013:0270 http://rhn.redhat.com/errata/RHSA-2013-0270.html RedHat Security Advisories: RHSA-2013:0679 http://rhn.redhat.com/errata/RHSA-2013-0679.html RedHat Security Advisories: RHSA-2013:0680 http://rhn.redhat.com/errata/RHSA-2013-0680.html RedHat Security Advisories: RHSA-2013:0681 http://rhn.redhat.com/errata/RHSA-2013-0681.html RedHat Security Advisories: RHSA-2013:0682 http://rhn.redhat.com/errata/RHSA-2013-0682.html RedHat Security Advisories: RHSA-2013:1147 http://rhn.redhat.com/errata/RHSA-2013-1147.html RedHat Security Advisories: RHSA-2013:1853 http://rhn.redhat.com/errata/RHSA-2013-1853.html RedHat Security Advisories: RHSA-2014:0224 http://rhn.redhat.com/errata/RHSA-2014-0224.html RedHat Security Advisories: RHSA-2017:0868 https://access.redhat.com/errata/RHSA-2017:0868 SuSE Security Announcement: openSUSE-SU-2013:0354 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html SuSE Security Announcement: openSUSE-SU-2013:0622 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html SuSE Security Announcement: openSUSE-SU-2013:0623 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html SuSE Security Announcement: openSUSE-SU-2013:0638 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html http://www.ubuntu.com/usn/USN-2769-1 XForce ISS Database: apache-commons-ssl-spoofing(79984) https://exchange.xforce.ibmcloud.com/vulnerabilities/79984 Common Vulnerability Exposure (CVE) ID: CVE-2012-6153 BugTraq ID: 69257 http://www.securityfocus.com/bid/69257 RedHat Security Advisories: RHSA-2014:1098 http://rhn.redhat.com/errata/RHSA-2014-1098.html RedHat Security Advisories: RHSA-2014:1833 http://rhn.redhat.com/errata/RHSA-2014-1833.html RedHat Security Advisories: RHSA-2014:1834 http://rhn.redhat.com/errata/RHSA-2014-1834.html RedHat Security Advisories: RHSA-2014:1835 http://rhn.redhat.com/errata/RHSA-2014-1835.html RedHat Security Advisories: RHSA-2014:1836 http://rhn.redhat.com/errata/RHSA-2014-1836.html RedHat Security Advisories: RHSA-2014:1891 http://rhn.redhat.com/errata/RHSA-2014-1891.html RedHat Security Advisories: RHSA-2014:1892 http://rhn.redhat.com/errata/RHSA-2014-1892.html RedHat Security Advisories: RHSA-2015:0125 http://rhn.redhat.com/errata/RHSA-2015-0125.html RedHat Security Advisories: RHSA-2015:0158 http://rhn.redhat.com/errata/RHSA-2015-0158.html RedHat Security Advisories: RHSA-2015:0675 http://rhn.redhat.com/errata/RHSA-2015-0675.html RedHat Security Advisories: RHSA-2015:0720 http://rhn.redhat.com/errata/RHSA-2015-0720.html RedHat Security Advisories: RHSA-2015:0765 http://rhn.redhat.com/errata/RHSA-2015-0765.html RedHat Security Advisories: RHSA-2015:0850 http://rhn.redhat.com/errata/RHSA-2015-0850.html RedHat Security Advisories: RHSA-2015:0851 http://rhn.redhat.com/errata/RHSA-2015-0851.html RedHat Security Advisories: RHSA-2015:1888 http://rhn.redhat.com/errata/RHSA-2015-1888.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3577 BugTraq ID: 69258 http://www.securityfocus.com/bid/69258 http://seclists.org/fulldisclosure/2014/Aug/48 http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E http://www.openwall.com/lists/oss-security/2021/10/06/1 http://www.osvdb.org/110143 RedHat Security Advisories: RHSA-2014:1146 http://rhn.redhat.com/errata/RHSA-2014-1146.html RedHat Security Advisories: RHSA-2014:1166 http://rhn.redhat.com/errata/RHSA-2014-1166.html RedHat Security Advisories: RHSA-2015:1176 http://rhn.redhat.com/errata/RHSA-2015-1176.html RedHat Security Advisories: RHSA-2015:1177 http://rhn.redhat.com/errata/RHSA-2015-1177.html RedHat Security Advisories: RHSA-2016:1773 http://rhn.redhat.com/errata/RHSA-2016-1773.html RedHat Security Advisories: RHSA-2016:1931 http://rhn.redhat.com/errata/RHSA-2016-1931.html http://www.securitytracker.com/id/1030812 http://secunia.com/advisories/60466 http://secunia.com/advisories/60589 http://secunia.com/advisories/60713 SuSE Security Announcement: openSUSE-SU-2020:1873 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html SuSE Security Announcement: openSUSE-SU-2020:1875 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html XForce ISS Database: apache-cve20143577-spoofing(95327) https://exchange.xforce.ibmcloud.com/vulnerabilities/95327 Common Vulnerability Exposure (CVE) ID: CVE-2015-5262 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168030.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167999.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167962.html http://www.securitytracker.com/id/1033743
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.