{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2014-3577", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-06T10:50:17.592Z", "dateReserved": "2014-05-14T00:00:00", "datePublished": "2014-08-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-10-27T14:07:16.016530"}, "descriptions": [{"lang": "en", "value": "org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"CN=\" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the \"foo,CN=www.apache.org\" string in the O field."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "RHSA-2014:1891", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1891.html"}, {"name": "RHSA-2015:0765", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"}, {"url": "https://access.redhat.com/solutions/1165533"}, {"name": "110143", "tags": ["vdb-entry"], "url": "http://www.osvdb.org/110143"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"name": "RHSA-2015:0675", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"}, {"name": "60713", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/60713"}, {"url": "http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html"}, {"name": "RHSA-2015:0720", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"}, {"name": "RHSA-2014:1166", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1166.html"}, {"name": "RHSA-2015:1888", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html"}, {"name": "RHSA-2014:1833", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1833.html"}, {"name": "RHSA-2015:0850", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"}, {"name": "RHSA-2015:0158", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0158.html"}, {"name": "RHSA-2014:1834", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1834.html"}, {"name": "60466", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/60466"}, {"name": "RHSA-2015:0125", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0125.html"}, {"name": "RHSA-2015:1176", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html"}, {"name": "RHSA-2016:1931", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1931.html"}, {"name": "RHSA-2014:1146", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1146.html"}, {"name": "RHSA-2015:1177", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html"}, {"name": "69258", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/69258"}, {"name": "RHSA-2014:1892", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1892.html"}, {"name": "RHSA-2015:0851", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564"}, {"name": "RHSA-2014:1835", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1835.html"}, {"name": "1030812", "tags": ["vdb-entry"], "url": "http://www.securitytracker.com/id/1030812"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782"}, {"name": "USN-2769-1", "tags": ["vendor-advisory"], "url": "http://www.ubuntu.com/usn/USN-2769-1"}, {"name": "60589", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/60589"}, {"name": "RHSA-2014:1836", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1836.html"}, {"name": "apache-cve20143577-spoofing(95327)", "tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95327"}, {"name": "20140818 CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2014/Aug/48"}, {"name": "RHSA-2016:1773", "tags": ["vendor-advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"}, {"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "openSUSE-SU-2020:1873", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html"}, {"name": "openSUSE-SU-2020:1875", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[oss-security] 20211006 Multiple vulnerabilities in Jenkins and Jenkins plugins", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2021/10/06/1"}, {"url": "https://security.netapp.com/advisory/ntap-20231027-0003/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2014-08-18T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:17.592Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2014:1891", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1891.html"}, {"name": "RHSA-2015:0765", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"}, {"url": "https://access.redhat.com/solutions/1165533", "tags": ["x_transferred"]}, {"name": "110143", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.osvdb.org/110143"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "tags": ["x_transferred"]}, {"name": "RHSA-2015:0675", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"}, {"name": "60713", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/60713"}, {"url": "http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html", "tags": ["x_transferred"]}, {"name": "RHSA-2015:0720", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"}, {"name": "RHSA-2014:1166", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1166.html"}, {"name": "RHSA-2015:1888", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html"}, {"name": "RHSA-2014:1833", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1833.html"}, {"name": "RHSA-2015:0850", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"}, {"name": "RHSA-2015:0158", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0158.html"}, {"name": "RHSA-2014:1834", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1834.html"}, {"name": "60466", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/60466"}, {"name": "RHSA-2015:0125", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0125.html"}, {"name": "RHSA-2015:1176", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html"}, {"name": "RHSA-2016:1931", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1931.html"}, {"name": "RHSA-2014:1146", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1146.html"}, {"name": "RHSA-2015:1177", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html"}, {"name": "69258", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/69258"}, {"name": "RHSA-2014:1892", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1892.html"}, {"name": "RHSA-2015:0851", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564", "tags": ["x_transferred"]}, {"name": "RHSA-2014:1835", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1835.html"}, {"name": "1030812", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securitytracker.com/id/1030812"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782", "tags": ["x_transferred"]}, {"name": "USN-2769-1", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2769-1"}, {"name": "60589", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/60589"}, {"name": "RHSA-2014:1836", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1836.html"}, {"name": "apache-cve20143577-spoofing(95327)", "tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95327"}, {"name": "20140818 CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/Aug/48"}, {"name": "RHSA-2016:1773", "tags": ["vendor-advisory", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"}, {"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "openSUSE-SU-2020:1873", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html"}, {"name": "openSUSE-SU-2020:1875", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[oss-security] 20211006 Multiple vulnerabilities in Jenkins and Jenkins plugins", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/10/06/1"}, {"url": "https://security.netapp.com/advisory/ntap-20231027-0003/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:httpclient:*:*:*:*:*:*:*:*", "matchCriteriaId": "B255B644-287F-4245-93EC-35C72729454F", "versionEndIncluding": "4.3.4", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:httpasyncclient:*:*:*:*:*:*:*:*", "matchCriteriaId": "A889F3E1-B405-4F5C-84A9-DFBA68ECEDC7", "versionEndIncluding": "4.0.1", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"CN=\" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the \"foo,CN=www.apache.org\" string in the O field."}, {"lang": "es", "value": "org.apache.http.conn.ssl.AbstractVerifier en Apache HttpComponents HttpClient anterior a 4.3.5 y HttpAsyncClient anterior a 4.0.2 no verifica debidamente que el nombre del servidor coincide con un nombre de dominio en el campo del asunto Common Name (CN) o subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a trav\u00e9s de una cadena 'CN=' en un campo en el Distinguished Name (DN) de un certificado, tal y como fue demostrado por la cadena 'foo,CN=www.apache.org' en el campo O."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/297.html\" rel=\"nofollow\">CWE-297: Improper Validation of Certificate with Host Mismatch</a>", "id": "CVE-2014-3577", "lastModified": "2024-11-21T02:08:25.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-21T14:55:05.100", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1146.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1166.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1833.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1834.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1835.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1836.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1891.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1892.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0125.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0158.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1931.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2014/Aug/48"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60466"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60589"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60713"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2021/10/06/1"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.osvdb.org/110143"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/69258"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1030812"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2769-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/solutions/1165533"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95327"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20231027-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1146.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1166.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1833.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1834.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1835.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1836.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1891.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1892.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0125.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0158.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1931.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2014/Aug/48"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60466"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60589"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60713"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2021/10/06/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.osvdb.org/110143"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/69258"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1030812"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2769-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/solutions/1165533"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95327"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20231027-0003/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1320", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", "package": "jakarta-commons-httpclient-1:3.1-4_patch_02.ep5.el5", "product_name": "JBEWP 5 for RHEL 5", "release_date": "2014-09-29T00:00:00Z"}, {"advisory": "RHSA-2014:1320", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", "package": "jboss-seam2-0:2.2.6.EAP5-22_patch_01.ep5.el5", "product_name": "JBEWP 5 for RHEL 5", "release_date": "2014-09-29T00:00:00Z"}, {"advisory": "RHSA-2014:1833", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", "package": "apache-cxf-0:2.2.12-14.patch_09.ep5.el5", "product_name": "JBEWP 5 for RHEL 5", "release_date": "2014-11-10T00:00:00Z"}, {"advisory": "RHSA-2014:1320", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", "package": "jakarta-commons-httpclient-1:3.1-4_patch_02.el6_5", "product_name": "JBEWP 5 for RHEL 6", "release_date": "2014-09-29T00:00:00Z"}, {"advisory": "RHSA-2014:1320", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", "package": "jboss-seam2-0:2.2.6.EAP5-22_patch_01.el6", "product_name": "JBEWP 5 for RHEL 6", "release_date": "2014-09-29T00:00:00Z"}, {"advisory": "RHSA-2014:1833", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", "package": "apache-cxf-0:2.2.12-14.patch_09.el6", "product_name": "JBEWP 5 for RHEL 6", "release_date": "2014-11-10T00:00:00Z"}, {"advisory": "RHSA-2014:1166", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "jakarta-commons-httpclient-1:3.0-7jpp.4.el5_10", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2014-09-08T00:00:00Z"}, {"advisory": "RHSA-2014:1166", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "jakarta-commons-httpclient-1:3.1-0.9.el6_5", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-09-08T00:00:00Z"}, {"advisory": "RHSA-2014:1146", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "httpcomponents-client-0:4.2.5-5.el7_0", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-09-03T00:00:00Z"}, {"advisory": "RHSA-2014:1166", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "jakarta-commons-httpclient-1:3.1-16.el7_0", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-09-08T00:00:00Z"}, {"advisory": "RHSA-2016:1931", "cpe": "cpe:/a:redhat:jboss_amq:6.2", "product_name": "Red Hat JBoss A-MQ 6.2", "release_date": "2016-09-23T00:00:00Z"}, {"advisory": "RHSA-2015:1177", "cpe": "cpe:/a:redhat:jboss_amq:6.2.0", "product_name": "Red Hat JBoss A-MQ 6.2", "release_date": "2015-06-23T00:00:00Z"}, {"advisory": "RHSA-2014:1892", "cpe": "cpe:/a:redhat:jboss_bpms:6.0", "package": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss BPMS 6.0", "release_date": "2014-11-24T00:00:00Z"}, {"advisory": "RHSA-2015:0234", "cpe": "cpe:/a:redhat:jboss_bpms:6.0", "package": "httpclient", "product_name": "Red Hat JBoss BPMS 6.0", "release_date": "2015-02-17T00:00:00Z"}, {"advisory": "RHSA-2015:0851", "cpe": "cpe:/a:redhat:jboss_bpms:6.0", "package": "cxf", "product_name": "Red Hat JBoss BPMS 6.0", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0851", "cpe": "cpe:/a:redhat:jboss_bpms:6.0", "package": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss BPMS 6.0", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2014:1891", "cpe": "cpe:/a:redhat:jboss_brms:6.0", "package": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss BRMS 6.0", "release_date": "2014-11-24T00:00:00Z"}, {"advisory": "RHSA-2015:0235", "cpe": "cpe:/a:redhat:jboss_brms:6.0", "package": "httpclient", "product_name": "Red Hat JBoss BRMS 6.0", "release_date": "2015-02-17T00:00:00Z"}, {"advisory": "RHSA-2015:0850", "cpe": "cpe:/a:redhat:jboss_brms:6.0", "package": "cxf", "product_name": "Red Hat JBoss BRMS 6.0", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0850", "cpe": "cpe:/a:redhat:jboss_brms:6.0", "package": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss BRMS 6.0", "release_date": "2015-04-16T00:00:00Z"}, {"advisory": "RHSA-2015:0765", "cpe": "cpe:/a:redhat:jboss_data_virtualization:6.0", "package": "httpclient", "product_name": "Red Hat JBoss Data Virtualization 6.0", "release_date": "2015-03-31T00:00:00Z"}, {"advisory": "RHSA-2015:0675", "cpe": "cpe:/a:redhat:jboss_data_virtualization:6.1", "product_name": "Red Hat JBoss Data Virtualization 6.1", "release_date": "2015-03-11T00:00:00Z"}, {"advisory": "RHSA-2014:1323", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", "package": "httpclient", "product_name": "Red Hat JBoss Enterprise Application Platform 5.2", "release_date": "2014-09-29T00:00:00Z"}, {"advisory": "RHSA-2014:1323", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", "package": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss Enterprise Application Platform 5.2", "release_date": "2014-09-29T00:00:00Z"}, {"advisory": "RHSA-2014:1836", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", "product_name": "Red Hat JBoss Enterprise Application Platform 5.2", "release_date": "2014-11-10T00:00:00Z"}, {"advisory": "RHSA-2014:1321", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", "package": "jakarta-commons-httpclient-1:3.1-4_patch_02.ep5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4", "release_date": "2014-09-29T00:00:00Z"}, {"advisory": "RHSA-2014:1321", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", "package": "jboss-seam2-0:2.2.6.EAP5-22_patch_01.ep5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4", "release_date": "2014-09-29T00:00:00Z"}, {"advisory": "RHSA-2014:1834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", "package": "apache-cxf-0:2.2.12-14.patch_09.ep5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4", "release_date": "2014-11-10T00:00:00Z"}, {"advisory": "RHSA-2014:1321", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", "package": "jakarta-commons-httpclient-1:3.1-4_patch_02.ep5.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5", "release_date": "2014-09-29T00:00:00Z"}, {"advisory": "RHSA-2014:1321", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", "package": "jboss-seam2-0:2.2.6.EAP5-22_patch_01.ep5.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5", "release_date": "2014-09-29T00:00:00Z"}, {"advisory": "RHSA-2014:1834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", "package": "apache-cxf-0:2.2.12-14.patch_09.ep5.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5", "release_date": "2014-11-10T00:00:00Z"}, {"advisory": "RHSA-2014:1321", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", "package": "jakarta-commons-httpclient-1:3.1-4_patch_02.el6_5", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6", "release_date": "2014-09-29T00:00:00Z"}, {"advisory": "RHSA-2014:1321", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", "package": "jboss-seam2-0:2.2.6.EAP5-22_patch_01.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6", "release_date": "2014-09-29T00:00:00Z"}, {"advisory": "RHSA-2014:1834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", "package": "apache-cxf-0:2.2.12-14.patch_09.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6", "release_date": "2014-11-10T00:00:00Z"}, {"advisory": "RHSA-2014:1163", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.3", "product_name": "Red Hat JBoss Enterprise Application Platform 6.3", "release_date": "2014-09-04T00:00:00Z"}, {"advisory": "RHSA-2014:2020", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.3", "product_name": "Red Hat JBoss Enterprise Application Platform 6.3", "release_date": "2014-12-18T00:00:00Z"}, {"advisory": "RHSA-2014:1162", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "httpcomponents-eap6-0:6-12.redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 5", "release_date": "2014-09-04T00:00:00Z"}, {"advisory": "RHSA-2014:2019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "apache-cxf-0:2.7.12-1.SP1_redhat_5.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 5", "release_date": "2014-12-18T00:00:00Z"}, {"advisory": "RHSA-2014:2019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "wss4j-0:1.6.16-2.redhat_3.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 5", "release_date": "2014-12-18T00:00:00Z"}, {"advisory": "RHSA-2014:1162", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "httpcomponents-eap6-0:6-12.redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 6", "release_date": "2014-09-04T00:00:00Z"}, {"advisory": "RHSA-2014:2019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "apache-cxf-0:2.7.12-1.SP1_redhat_5.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 6", "release_date": "2014-12-18T00:00:00Z"}, {"advisory": "RHSA-2014:2019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "wss4j-0:1.6.16-2.redhat_3.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 6", "release_date": "2014-12-18T00:00:00Z"}, {"advisory": "RHSA-2014:1162", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "httpcomponents-eap6-0:6-12.redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 7", "release_date": "2014-09-04T00:00:00Z"}, {"advisory": "RHSA-2014:2019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "apache-cxf-0:2.7.12-1.SP1_redhat_5.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 7", "release_date": "2014-12-18T00:00:00Z"}, {"advisory": "RHSA-2014:2019", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "wss4j-0:1.6.16-2.redhat_3.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 7", "release_date": "2014-12-18T00:00:00Z"}, {"advisory": "RHSA-2016:1931", "cpe": "cpe:/a:redhat:jboss_fuse:6.2", "product_name": "Red Hat JBoss Fuse 6.2", "release_date": "2016-09-23T00:00:00Z"}, {"advisory": "RHSA-2015:1176", "cpe": "cpe:/a:redhat:jboss_fuse:6.2.0", "product_name": "Red Hat JBoss Fuse 6.2", "release_date": "2015-06-23T00:00:00Z"}, {"advisory": "RHSA-2015:0720", "cpe": "cpe:/a:redhat:jboss_fuse_service_works:6.0", "package": "httpclient", "product_name": "Red Hat JBoss Fuse Service Works 6.0", "release_date": "2015-03-24T00:00:00Z"}, {"advisory": "RHSA-2014:1904", "cpe": "cpe:/a:redhat:jboss_operations_network:3.3", "package": "httpclient", "product_name": "Red Hat JBoss Operations Network 3.3", "release_date": "2014-11-25T00:00:00Z"}, {"advisory": "RHSA-2014:1904", "cpe": "cpe:/a:redhat:jboss_operations_network:3.3", "package": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss Operations Network 3.3", "release_date": "2014-11-25T00:00:00Z"}, {"advisory": "RHSA-2015:1009", "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6.2", "package": "httpclient", "product_name": "Red Hat JBoss Portal 6.2", "release_date": "2015-05-14T00:00:00Z"}, {"advisory": "RHSA-2015:1888", "cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3", "package": "cxf", "product_name": "Red Hat JBoss SOA Platform 5.3", "release_date": "2015-10-12T00:00:00Z"}, {"advisory": "RHSA-2015:1888", "cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3", "package": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss SOA Platform 5.3", "release_date": "2015-10-12T00:00:00Z"}, {"advisory": "RHSA-2015:0125", "cpe": "cpe:/a:redhat:jboss_enterprise_web_framework:2.7.0", "package": "httpclient", "product_name": "Red Hat JBoss Web Framework Kit 2.7", "release_date": "2015-02-04T00:00:00Z"}, {"advisory": "RHSA-2014:1322", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0", "package": "httpclient", "product_name": "Red Hat JBoss Web Platform 5.2", "release_date": "2014-09-29T00:00:00Z"}, {"advisory": "RHSA-2014:1322", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0", "package": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss Web Platform 5.2", "release_date": "2014-09-29T00:00:00Z"}, {"advisory": "RHSA-2014:1835", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0", "product_name": "Red Hat JBoss Web Platform 5.2", "release_date": "2014-11-10T00:00:00Z"}, {"advisory": "RHSA-2022:0055", "cpe": "cpe:/a:redhat:openshift:4.10::el8", "impact": "moderate", "package": "jenkins-0:2.319.2.1643288987-1.el8", "product_name": "Red Hat OpenShift Container Platform 4.10", "release_date": "2022-03-10T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "activemq-0:5.9.0-6.redhat.611463.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "ImageMagick-0:6.7.2.7-5.el6_8", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "jenkins-0:1.651.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "libcgroup-0:0.40.rc1-18.el6_8", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-broker-0:1.16.3.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-broker-util-0:1.37.6.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-php-0:1.35.4.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-python-0:1.34.3.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-node-proxy-0:1.26.3.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "openshift-origin-node-util-0:1.38.7.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rhc-0:1.38.7.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-node-0:1.38.6.4-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2016:1773", "cpe": "cpe:/a:redhat:openshift:2.0::el6", "package": "rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op", "product_name": "Red Hat OpenShift Enterprise 2.2", "release_date": "2016-08-24T00:00:00Z"}, {"advisory": "RHSA-2014:1082", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "thermostat1-httpcomponents-client-0:4.2.5-3.4.el6.1", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6", "release_date": "2014-08-20T00:00:00Z"}, {"advisory": "RHSA-2014:1082", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "thermostat1-httpcomponents-client-0:4.2.5-3.4.el6.1", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS", "release_date": "2014-08-20T00:00:00Z"}, {"advisory": "RHSA-2015:0158", "cpe": "cpe:/a:redhat:rhev_manager:3", "package": "org.ovirt.engine-root-0:3.5.0-29", "product_name": "RHEV Manager version 3.5", "release_date": "2015-02-11T00:00:00Z"}], "bugzilla": {"description": "CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix", "id": "1129074", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1129074"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "4.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-297", "details": ["org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"CN=\" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the \"foo,CN=www.apache.org\" string in the O field.", "It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate."], "name": "CVE-2014-3577", "package_state": [{"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Not affected", "package_name": "wagon-http", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/a:redhat:developer_toolset:2.1", "fix_state": "Not affected", "package_name": "httpcomponents-client", "product_name": "Red Hat Developer Toolset 2.1"}, {"cpe": "cpe:/a:redhat:enterprise_linux:7::hypervisor", "fix_state": "Affected", "package_name": "redhat-support-plugin-rhev", "product_name": "Red Hat Enterprise Virtualization 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux:7::hypervisor", "fix_state": "Affected", "package_name": "rhevm-dependencies", "product_name": "Red Hat Enterprise Virtualization 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Will not fix", "package_name": "httpclient", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Will not fix", "package_name": "modeshape-client", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:6", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss Data Grid 6"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:6", "fix_state": "Affected", "package_name": "httpclient", "product_name": "Red Hat JBoss Data Grid 6"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Fix deferred", "package_name": "modeshape-client", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss Enterprise Application Platform 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Fix deferred", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "amq-6", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "ewp-5", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "fsf-2", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fuse-6", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "fuse-esb-4", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fuse-esb-7", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "fuse-mq-5.4", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fuse-mq-5.5", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fuse-mq-7", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Fix deferred", "package_name": "jds-5", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Fix deferred", "package_name": "jds-6", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Fix deferred", "package_name": "jds-7", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5", "fix_state": "Affected", "package_name": "httpclient", "product_name": "Red Hat JBoss Portal 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:5", "fix_state": "Affected", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss Portal 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss Portal 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:4.3", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat JBoss SOA Platform 4.3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Affected", "package_name": "cxf", "product_name": "Red Hat JBoss SOA Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Affected", "package_name": "httpclient", "product_name": "Red Hat JBoss SOA Platform 5"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Affected", "package_name": "httpclient", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Not affected", "package_name": "wagon-http", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Will not fix", "package_name": "jakarta-commons-httpclient", "product_name": "Red Hat Satellite 5"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "httpcomponents-client", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Affected", "package_name": "maven30-httpcomponents-client", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Affected", "package_name": "maven30-jakarta-commons-httpclient", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Will not fix", "package_name": "rhevm-dependencies", "product_name": "Red Hat Storage 2.1"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Will not fix", "package_name": "rhevm-dependencies", "product_name": "Red Hat Storage 3.0"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Affected", "package_name": "ovirt-engine-sdk-java", "product_name": "Red Hat Virtualization 4"}], "public_date": "2014-08-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3577\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3577"], "statement": "Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/solutions/1165533\nThis issue affects the versions of HttpComponents Client as shipped with Red Hat JBoss Data Grid 6 and Red Hat JBoss Data Virtualization 6; and ModeShape Client as shipped with Red Hat JBoss Data Virtualization 6. However, this flaw is not known to be exploitable under any supported scenario in Red Hat JBoss Data Grid 6 and JBoss Data Virtualization 6. A future update may address this issue.\nRed Hat JBoss Enterprise Application Platform 4, Red Hat JBoss SOA Platform 4, and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/\nFuse ESB 4, Fuse Message Broker 5.2, 5.3, 5.4 and Fuse Services Framework 2.3, 2.4 are now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/", "threat_severity": "Important", "upstream_fix": "httpcomponents-client 4.3.5"}