5.8 - USN-2769-1

Executive Summary

Summary
Title	Apache Commons HttpClient

Informations
Name	USN-2769-1	First vendor Publication	2015-10-14
Vendor	Ubuntu	Last vendor Modification	2015-10-14
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Cvss Base Score	5.8	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in commons-httpclient.

Software Description: - commons-httpclient: A Java(TM) library for creating HTTP clients

Details:

It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5783)

Florian Weimer discovered the fix for CVE-2012-5783 was incomplete for Apache Commons HttpClient. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-6153)

Subodh Iyengar and Will Shackleton discovered the fix for CVE-2012-5783 was incomplete for Apache Commons HttpClient. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3577)

It was discovered that Apache Commons HttpClient did not properly handle read timeouts during HTTPS handshakes. A remote attacker could trigger this flaw to cause a denial of service. (CVE-2015-5262)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04:
libcommons-httpclient-java 3.1-10.2ubuntu0.15.04.1

Ubuntu 14.04 LTS:
libcommons-httpclient-java 3.1-10.2ubuntu0.14.04.1

Ubuntu 12.04 LTS:
libcommons-httpclient-java 3.1-10ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2769-1
CVE-2012-5783, CVE-2012-6153, CVE-2014-3577, CVE-2015-5262

Package Information:
https://launchpad.net/ubuntu/+source/commons-httpclient/3.1-10.2ubuntu0.15.04.1
https://launchpad.net/ubuntu/+source/commons-httpclient/3.1-10.2ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/commons-httpclient/3.1-10ubuntu0.1

Original Source

Url : http://www.ubuntu.com/usn/USN-2769-1

CWE : Common Weakness Enumeration

%	Id	Name
33 %	CWE-399	Resource Management Errors
33 %	CWE-295	Certificate Issues
33 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21046

Oval ID:	oval:org.mitre.oval:def:21046
Title:	RHSA-2013:0270: jakarta-commons-httpclient security update (Moderate)
Description:	Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0270-02 CESA-2013:0270 CVE-2012-5783	Version:	4
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6	Product(s):	jakarta-commons-httpclient
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section jakarta-commons-httpclient-javadoc is earlier than 1:3.1-0.7.el6_3 AND jakarta-commons-httpclient is earlier than 1:3.1-0.7.el6_3 AND jakarta-commons-httpclient-demo is earlier than 1:3.1-0.7.el6_3 AND jakarta-commons-httpclient-manual is earlier than 1:3.1-0.7.el6_3 AND Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x Packages section jakarta-commons-httpclient-javadoc is earlier than 1:3.0-7jpp.2 AND jakarta-commons-httpclient is earlier than 1:3.0-7jpp.2 AND jakarta-commons-httpclient-demo is earlier than 1:3.0-7jpp.2 AND jakarta-commons-httpclient-manual is earlier than 1:3.0-7jpp.2

Definition Id: oval:org.mitre.oval:def:23325

Oval ID:	oval:org.mitre.oval:def:23325
Title:	DEPRECATED: ELSA-2013:0270: jakarta-commons-httpclient security update (Moderate)
Description:	Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0270-02 CVE-2012-5783	Version:	7
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	jakarta-commons-httpclient
Definition Synopsis:
rpm test Oracle Linux 6.x AND rpm test jakarta-commons-httpclient-javadoc is earlier than 1:3.1-0.7.el6_3 AND jakarta-commons-httpclient is earlier than 1:3.1-0.7.el6_3 AND jakarta-commons-httpclient-demo is earlier than 1:3.1-0.7.el6_3 AND jakarta-commons-httpclient-manual is earlier than 1:3.1-0.7.el6_3 OR rpm test Oracle Linux 5.x AND rpm test jakarta-commons-httpclient-javadoc is earlier than 1:3.0-7jpp.2 AND jakarta-commons-httpclient is earlier than 1:3.0-7jpp.2 AND jakarta-commons-httpclient-demo is earlier than 1:3.0-7jpp.2 AND jakarta-commons-httpclient-manual is earlier than 1:3.0-7jpp.2

Definition Id: oval:org.mitre.oval:def:23687

Oval ID:	oval:org.mitre.oval:def:23687
Title:	ELSA-2013:0270: jakarta-commons-httpclient security update (Moderate)
Description:	Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0270-02 CVE-2012-5783	Version:	6
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	jakarta-commons-httpclient
Definition Synopsis:
rpm test Oracle Linux 6.x AND rpm test jakarta-commons-httpclient-javadoc is earlier than 1:3.1-0.7.el6_3 AND jakarta-commons-httpclient is earlier than 1:3.1-0.7.el6_3 AND jakarta-commons-httpclient-demo is earlier than 1:3.1-0.7.el6_3 AND jakarta-commons-httpclient-manual is earlier than 1:3.1-0.7.el6_3 OR rpm test Oracle Linux 5.x AND rpm test jakarta-commons-httpclient-javadoc is earlier than 1:3.0-7jpp.2 AND jakarta-commons-httpclient is earlier than 1:3.0-7jpp.2 AND jakarta-commons-httpclient-demo is earlier than 1:3.0-7jpp.2 AND jakarta-commons-httpclient-manual is earlier than 1:3.0-7jpp.2

Definition Id: oval:org.mitre.oval:def:26049

Oval ID:	oval:org.mitre.oval:def:26049
Title:	SUSE-SU-2013:0610-1 -- Security update for jakarta
Description:	The following issue has been fixed: * SSL certificate hostname verification was not done and is fixed by this update. (CVE-2012-5783) Security Issue reference: * CVE-2012-5783 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783 >
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:0610-1 CVE-2012-5783	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	jakarta
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed AND jakarta-commons-httpclient3 RPM is earlier than 0:3.0.1-253.36.1

Definition Id: oval:org.mitre.oval:def:26139

Oval ID:	oval:org.mitre.oval:def:26139
Title:	RHSA-2014:1146: httpcomponents-client security update (Important)
Description:	HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1146-00 CESA-2014:1146 CVE-2014-3577	Version:	3
Platform(s):	Red Hat Enterprise Linux 7 CentOS Linux 7	Product(s):	httpcomponents-client
Definition Synopsis:
Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section httpcomponents-client is earlier than 0:4.2.5-5.el7_0 AND httpcomponents-client-javadoc is earlier than 0:4.2.5-5.el7_0

Definition Id: oval:org.mitre.oval:def:26499

Oval ID:	oval:org.mitre.oval:def:26499
Title:	RHSA-2014:1166: jakarta-commons-httpclient security update (Important)
Description:	Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577) For additional information on this flaw, refer to the Knowledgebase article in the References section. All jakarta-commons-httpclient users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1166-00 CESA-2014:1166 CVE-2014-3577	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 CentOS Linux 7	Product(s):	jakarta-commons-httpclient
Definition Synopsis:
Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section jakarta-commons-httpclient is earlier than 1:3.0-7jpp.4.el5_10 AND jakarta-commons-httpclient-demo is earlier than 1:3.0-7jpp.4.el5_10 AND jakarta-commons-httpclient-javadoc is earlier than 1:3.0-7jpp.4.el5_10 AND jakarta-commons-httpclient-manual is earlier than 1:3.0-7jpp.4.el5_10 AND Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section jakarta-commons-httpclient is earlier than 1:3.1-0.9.el6_5 AND jakarta-commons-httpclient-demo is earlier than 1:3.1-0.9.el6_5 AND jakarta-commons-httpclient-javadoc is earlier than 1:3.1-0.9.el6_5 AND jakarta-commons-httpclient-manual is earlier than 1:3.1-0.9.el6_5 AND Operation system section Redhat 7 or Centos 7 release The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages section jakarta-commons-httpclient is earlier than 1:3.1-16.el7_0 AND jakarta-commons-httpclient-demo is earlier than 1:3.1-16.el7_0 AND jakarta-commons-httpclient-javadoc is earlier than 1:3.1-16.el7_0 AND jakarta-commons-httpclient-manual is earlier than 1:3.1-16.el7_0

Definition Id: oval:org.mitre.oval:def:26509

Oval ID:	oval:org.mitre.oval:def:26509
Title:	ELSA-2014-1146 -- httpcomponents-client security update (Important)
Description:	HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577) For additional information on this flaw, refer to the Knowledgebase article in the References section. All httpcomponents-client users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1146 CVE-2014-3577 CVE-2012-6153	Version:	3
Platform(s):	Oracle Linux 7	Product(s):	httpcomponents-client
Definition Synopsis:
Oracle Linux 7.x Packages match section httpcomponents-client RPM is earlier than 0:4.2.5-5.el7_0 AND httpcomponents-client-javadoc RPM is earlier than 0:4.2.5-5.el7_0

Definition Id: oval:org.mitre.oval:def:27050

Oval ID:	oval:org.mitre.oval:def:27050
Title:	ELSA-2014-1166 -- jakarta-commons-httpclient security update (Important)
Description:	Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577) For additional information on this flaw, refer to the Knowledgebase article in the References section. All jakarta-commons-httpclient users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1166 CVE-2014-3577 CVE-2012-6153	Version:	5
Platform(s):	Oracle Linux 7 Oracle Linux 6 Oracle Linux 5	Product(s):	jakarta-commons-httpclient
Definition Synopsis:
Oracle Linux 7 release section Oracle Linux 7.x Packages match section jakarta-commons-httpclient RPM is earlier than 1:3.1-16.el7_0 AND jakarta-commons-httpclient-demo RPM is earlier than 1:3.1-16.el7_0 AND jakarta-commons-httpclient-javadoc RPM is earlier than 1:3.1-16.el7_0 AND jakarta-commons-httpclient-manual RPM is earlier than 1:3.1-16.el7_0 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section jakarta-commons-httpclient RPM is earlier than 1:3.1-0.9.el6_5 AND jakarta-commons-httpclient-demo RPM is earlier than 1:3.1-0.9.el6_5 AND jakarta-commons-httpclient-javadoc RPM is earlier than 1:3.1-0.9.el6_5 AND jakarta-commons-httpclient-manual RPM is earlier than 1:3.1-0.9.el6_5 AND Oracle Linux 5 release section Oracle Linux 5.x Packages match section jakarta-commons-httpclient RPM is earlier than 1:3.0-7jpp.4.el5_10 AND jakarta-commons-httpclient-demo RPM is earlier than 1:3.0-7jpp.4.el5_10 AND jakarta-commons-httpclient-javadoc RPM is earlier than 1:3.0-7jpp.4.el5_10 AND jakarta-commons-httpclient-manual RPM is earlier than 1:3.0-7jpp.4.el5_10

Definition Id: oval:org.mitre.oval:def:27584

Oval ID:	oval:org.mitre.oval:def:27584
Title:	DEPRECATED: ELSA-2013-0270 -- jakarta-commons-httpclient security update (moderate)
Description:	[1:3.1-0.7] - Add missing connection hostname check against X.509 certificate name - Resolves: CVE-2012-5783
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0270 CVE-2012-5783	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	jakarta-commons-httpclient
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section jakarta-commons-httpclient is earlier than 0:3.0-7jpp.2 AND jakarta-commons-httpclient-demo is earlier than 0:3.0-7jpp.2 AND jakarta-commons-httpclient-javadoc is earlier than 0:3.0-7jpp.2 AND jakarta-commons-httpclient-manual is earlier than 0:3.0-7jpp.2 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section jakarta-commons-httpclient is earlier than 0:3.1-0.7.el6_3 AND jakarta-commons-httpclient-demo is earlier than 0:3.1-0.7.el6_3 AND jakarta-commons-httpclient-javadoc is earlier than 0:3.1-0.7.el6_3 AND jakarta-commons-httpclient-manual is earlier than 0:3.1-0.7.el6_3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Httpclient cpe:2.3:a:apache:httpclient:4.3:::::::* cpe:2.3:a:apache:httpclient:4.3:beta2:::::: cpe:2.3:a:apache:httpclient:4.3:beta1:::::: cpe:2.3:a:apache:httpclient:4.3:alpha1:::::: cpe:2.3:a:apache:httpclient:4.1:alpha1:::::: cpe:2.3:a:apache:httpclient:4.1:::::::* cpe:2.3:a:apache:httpclient:4.1:beta1:::::: cpe:2.3:a:apache:httpclient:4.1:alpha2:::::: cpe:2.3:a:apache:httpclient:4.0.1:::::::* cpe:2.3:a:apache:httpclient:4.0:alpha1:::::: cpe:2.3:a:apache:httpclient:4.0:::::::* cpe:2.3:a:apache:httpclient:4.0:beta2:::::: cpe:2.3:a:apache:httpclient:4.0:alpha2:::::: cpe:2.3:a:apache:httpclient:4.0:beta1:::::: cpe:2.3:a:apache:httpclient:4.0:alpha4:::::: cpe:2.3:a:apache:httpclient:4.0:alpha3:::::: cpe:2.3:a:apache:httpclient:3.1:::::::* cpe:2.3:a:apache:httpclient::::::::	18
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm::: cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:12.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::	5
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:23:::::::* cpe:2.3:o:fedoraproject:fedora:22:::::::* cpe:2.3:o:fedoraproject:fedora:21:::::::*	3

Nessus® Vulnerability Scanner

Date	Description
2016-10-31	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ac18046c9b0811e68011005056925db4.nasl - Type : ACT_GATHER_INFO
2015-10-15	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2769-1.nasl - Type : ACT_GATHER_INFO
2015-10-02	Name : The remote Fedora host is missing a security update. File : fedora_2015-15590.nasl - Type : ACT_GATHER_INFO
2015-10-02	Name : The remote Fedora host is missing a security update. File : fedora_2015-15589.nasl - Type : ACT_GATHER_INFO
2015-10-02	Name : The remote Fedora host is missing a security update. File : fedora_2015-15588.nasl - Type : ACT_GATHER_INFO
2015-10-02	Name : The remote Debian host is missing a security update. File : debian_DLA-322.nasl - Type : ACT_GATHER_INFO
2015-09-01	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0158.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote Debian host is missing a security update. File : debian_DLA-222.nasl - Type : ACT_GATHER_INFO
2015-04-17	Name : The remote Windows host has web portal software installed that is affected by... File : websphere_portal_8_0_0_1_cf15.nasl - Type : ACT_GATHER_INFO
2014-12-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-2019.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-1834.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-1833.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1098.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0224.nasl - Type : ACT_GATHER_INFO
2014-10-12	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-410.nasl - Type : ACT_GATHER_INFO
2014-10-01	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1321.nasl - Type : ACT_GATHER_INFO
2014-10-01	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1320.nasl - Type : ACT_GATHER_INFO
2014-09-12	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-170.nasl - Type : ACT_GATHER_INFO
2014-09-09	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1166.nasl - Type : ACT_GATHER_INFO
2014-09-09	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1166.nasl - Type : ACT_GATHER_INFO
2014-09-09	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1166.nasl - Type : ACT_GATHER_INFO
2014-09-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1162.nasl - Type : ACT_GATHER_INFO
2014-09-04	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1146.nasl - Type : ACT_GATHER_INFO
2014-09-04	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1146.nasl - Type : ACT_GATHER_INFO
2014-09-04	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1146.nasl - Type : ACT_GATHER_INFO
2014-08-30	Name : The remote Fedora host is missing a security update. File : fedora_2014-9629.nasl - Type : ACT_GATHER_INFO
2014-08-30	Name : The remote Fedora host is missing a security update. File : fedora_2014-9617.nasl - Type : ACT_GATHER_INFO
2014-08-27	Name : The remote Fedora host is missing a security update. File : fedora_2014-9581.nasl - Type : ACT_GATHER_INFO
2014-08-27	Name : The remote Fedora host is missing a security update. File : fedora_2014-9539.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-304.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-161.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-305.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-169.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0270.nasl - Type : ACT_GATHER_INFO
2013-04-04	Name : The remote SuSE 11 host is missing a security update. File : suse_11_jakarta-commons-httpclient3-130328.nasl - Type : ACT_GATHER_INFO
2013-03-26	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0680.nasl - Type : ACT_GATHER_INFO
2013-02-21	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130219_jakarta_commons_httpclient_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-02-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0270.nasl - Type : ACT_GATHER_INFO
2013-02-20	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0270.nasl - Type : ACT_GATHER_INFO
2013-02-04	Name : The remote Fedora host is missing a security update. File : fedora_2013-1289.nasl - Type : ACT_GATHER_INFO
2013-02-04	Name : The remote Fedora host is missing a security update. File : fedora_2013-1203.nasl - Type : ACT_GATHER_INFO
2013-02-04	Name : The remote Fedora host is missing a security update. File : fedora_2013-1189.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2015-10-27 21:27:25	Multiple Updates
2015-10-16 13:24:49	Multiple Updates
2015-10-14 21:21:40	First insertion

Global Informations

Type	Count
CWE ID(s)	3
Oval ID(s)	9
CPE ID(s)	26
Nessus® Exploit(s)	42

	Related
5.8	CVE-2014-3577
5.8	CVE-2012-5783
4.3	CVE-2015-5262
4.3	CVE-2012-6153
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 4 more Alert(s)

5.8 - USN-2769-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU