Red Hat JBoss Fuse 6.1.0

CPE Details

Red Hat JBoss Fuse 6.1.0
redhat
jboss_fuse
6.1.0
2014-04-17
14h01 +00:00
2014-04-17
14h04 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:redhat:jboss_fuse:6.1.0:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

jboss_fuse

Version

6.1.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2014-8175 2015-07-08 13h00 +00:00 Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
6
CVE-2013-7397 2015-06-24 14h00 +00:00 Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates.
4.3
CVE-2013-7398 2015-06-24 14h00 +00:00 main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
4.3
CVE-2014-5075 2014-10-25 19h00 +00:00 The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
6.8