ID de Prueba:	1.3.6.1.4.1.25623.1.0.120079
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2014-410)
Resumen:	The remote host is missing an update for the 'jakarta-commons-httpclient' package(s) announced via the ALAS-2014-410 advisory.
Descripción:	Summary: The remote host is missing an update for the 'jakarta-commons-httpclient' package(s) announced via the ALAS-2014-410 advisory. Vulnerability Insight: Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. Affected Software/OS: 'jakarta-commons-httpclient' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5783 BugTraq ID: 58073 http://www.securityfocus.com/bid/58073 http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf RedHat Security Advisories: RHSA-2013:0270 http://rhn.redhat.com/errata/RHSA-2013-0270.html RedHat Security Advisories: RHSA-2013:0679 http://rhn.redhat.com/errata/RHSA-2013-0679.html RedHat Security Advisories: RHSA-2013:0680 http://rhn.redhat.com/errata/RHSA-2013-0680.html RedHat Security Advisories: RHSA-2013:0681 http://rhn.redhat.com/errata/RHSA-2013-0681.html RedHat Security Advisories: RHSA-2013:0682 http://rhn.redhat.com/errata/RHSA-2013-0682.html RedHat Security Advisories: RHSA-2013:1147 http://rhn.redhat.com/errata/RHSA-2013-1147.html RedHat Security Advisories: RHSA-2013:1853 http://rhn.redhat.com/errata/RHSA-2013-1853.html RedHat Security Advisories: RHSA-2014:0224 http://rhn.redhat.com/errata/RHSA-2014-0224.html RedHat Security Advisories: RHSA-2017:0868 https://access.redhat.com/errata/RHSA-2017:0868 SuSE Security Announcement: openSUSE-SU-2013:0354 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-02/msg00078.html SuSE Security Announcement: openSUSE-SU-2013:0622 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-04/msg00040.html SuSE Security Announcement: openSUSE-SU-2013:0623 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-04/msg00041.html SuSE Security Announcement: openSUSE-SU-2013:0638 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-04/msg00053.html http://www.ubuntu.com/usn/USN-2769-1 XForce ISS Database: apache-commons-ssl-spoofing(79984) https://exchange.xforce.ibmcloud.com/vulnerabilities/79984 Common Vulnerability Exposure (CVE) ID: CVE-2012-6153 BugTraq ID: 69257 http://www.securityfocus.com/bid/69257 RedHat Security Advisories: RHSA-2014:1098 http://rhn.redhat.com/errata/RHSA-2014-1098.html RedHat Security Advisories: RHSA-2014:1833 http://rhn.redhat.com/errata/RHSA-2014-1833.html RedHat Security Advisories: RHSA-2014:1834 http://rhn.redhat.com/errata/RHSA-2014-1834.html RedHat Security Advisories: RHSA-2014:1835 http://rhn.redhat.com/errata/RHSA-2014-1835.html RedHat Security Advisories: RHSA-2014:1836 http://rhn.redhat.com/errata/RHSA-2014-1836.html RedHat Security Advisories: RHSA-2014:1891 http://rhn.redhat.com/errata/RHSA-2014-1891.html RedHat Security Advisories: RHSA-2014:1892 http://rhn.redhat.com/errata/RHSA-2014-1892.html RedHat Security Advisories: RHSA-2015:0125 http://rhn.redhat.com/errata/RHSA-2015-0125.html RedHat Security Advisories: RHSA-2015:0158 http://rhn.redhat.com/errata/RHSA-2015-0158.html RedHat Security Advisories: RHSA-2015:0675 http://rhn.redhat.com/errata/RHSA-2015-0675.html RedHat Security Advisories: RHSA-2015:0720 http://rhn.redhat.com/errata/RHSA-2015-0720.html RedHat Security Advisories: RHSA-2015:0765 http://rhn.redhat.com/errata/RHSA-2015-0765.html RedHat Security Advisories: RHSA-2015:0850 http://rhn.redhat.com/errata/RHSA-2015-0850.html RedHat Security Advisories: RHSA-2015:0851 http://rhn.redhat.com/errata/RHSA-2015-0851.html RedHat Security Advisories: RHSA-2015:1888 http://rhn.redhat.com/errata/RHSA-2015-1888.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3577 BugTraq ID: 69258 http://www.securityfocus.com/bid/69258 http://seclists.org/fulldisclosure/2014/Aug/48 http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E http://www.openwall.com/lists/oss-security/2021/10/06/1 http://www.osvdb.org/110143 RedHat Security Advisories: RHSA-2014:1146 http://rhn.redhat.com/errata/RHSA-2014-1146.html RedHat Security Advisories: RHSA-2014:1166 http://rhn.redhat.com/errata/RHSA-2014-1166.html RedHat Security Advisories: RHSA-2015:1176 http://rhn.redhat.com/errata/RHSA-2015-1176.html RedHat Security Advisories: RHSA-2015:1177 http://rhn.redhat.com/errata/RHSA-2015-1177.html RedHat Security Advisories: RHSA-2016:1773 http://rhn.redhat.com/errata/RHSA-2016-1773.html RedHat Security Advisories: RHSA-2016:1931 http://rhn.redhat.com/errata/RHSA-2016-1931.html http://www.securitytracker.com/id/1030812 http://secunia.com/advisories/60466 http://secunia.com/advisories/60589 http://secunia.com/advisories/60713 SuSE Security Announcement: openSUSE-SU-2020:1873 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html SuSE Security Announcement: openSUSE-SU-2020:1875 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html XForce ISS Database: apache-cve20143577-spoofing(95327) https://exchange.xforce.ibmcloud.com/vulnerabilities/95327
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.