admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2014/3xxx/CVE-2014-3577.json
CVE Team 782020520e
- Synchronized data.
2018-07-18 09:04:41 -04:00

228 lines
7.7 KiB
JSON
Raw Blame History

{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"CN=\" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the \"foo,CN=www.apache.org\" string in the O field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140818 CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Aug/48"
},
{
"name" : "http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127913/Apache-HttpComponents-Man-In-The-Middle.html"
},
{
"name" : "https://access.redhat.com/solutions/1165533",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/solutions/1165533"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05363782"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "RHSA-2014:1146",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1146.html"
},
{
"name" : "RHSA-2014:1166",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1166.html"
},
{
"name" : "RHSA-2014:1833",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1833.html"
},
{
"name" : "RHSA-2014:1834",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1834.html"
},
{
"name" : "RHSA-2014:1835",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1835.html"
},
{
"name" : "RHSA-2014:1836",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1836.html"
},
{
"name" : "RHSA-2014:1891",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1891.html"
},
{
"name" : "RHSA-2014:1892",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1892.html"
},
{
"name" : "RHSA-2015:0158",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0158.html"
},
{
"name" : "RHSA-2015:0125",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0125.html"
},
{
"name" : "RHSA-2015:0675",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name" : "RHSA-2015:0720",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name" : "RHSA-2015:0765",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name" : "RHSA-2015:0850",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name" : "RHSA-2015:0851",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name" : "RHSA-2015:1176",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1176.html"
},
{
"name" : "RHSA-2015:1177",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1177.html"
},
{
"name" : "RHSA-2015:1888",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1888.html"
},
{
"name" : "RHSA-2016:1773",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
},
{
"name" : "RHSA-2016:1931",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1931.html"
},
{
"name" : "USN-2769-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2769-1"
},
{
"name" : "69258",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69258"
},
{
"name" : "110143",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/110143"
},
{
"name" : "1030812",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030812"
},
{
"name" : "60713",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60713"
},
{
"name" : "60589",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60589"
},
{
"name" : "60466",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60466"
},
{
"name" : "apache-cve20143577-spoofing(95327)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95327"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink