Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:redhat:jboss_fuse:6.1.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-8175 |
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file. Published: July 08, 2015; 11:59:00 AM -0400 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2013-7398 |
main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. Published: June 24, 2015; 12:59:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-7397 |
Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates. Published: June 24, 2015; 12:59:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-5075 |
The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Published: October 25, 2014; 5:55:04 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |