CVE-2014-5075

Related Files

Red Hat Security Advisory 2015-1176-01

Posted Jun 23, 2015

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1176-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. The following security fixes are addressed in this release: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle attacker could use this flaw to spoof a valid certificate. It was found that async-http-client did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, web, spoof

systems | linux, redhat

advisories | CVE-2013-7397, CVE-2013-7398, CVE-2014-0363, CVE-2014-0364, CVE-2014-3577, CVE-2014-4651, CVE-2014-5075, CVE-2014-8175, CVE-2015-0226, CVE-2015-0227, CVE-2015-1796

SHA-256 | 5b62a88300e3d3a984e66c33f540e2c9e0a241d1cb41eb116da6198f4b034f4c

Download | Favorite | View

Smack XMPP Library Man-In-The-Middle

Posted Aug 6, 2014

Authored by Georg Lukas

Smack XMPP library for Java suffers for a man-in-the-middle vulnerability. Versions 4.0.0 and 4.0.1 are affected.

tags | advisory, java

advisories | CVE-2014-5075

SHA-256 | cc79aa40f99651e357445431f6e8d8c60ecbebbfc96fefd016f0aff6670bf205

Download | Favorite | View