Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability

Bugtraq ID: 69258
Class: Design Error
CVE: CVE-2014-3577
Remote: Yes
Local: No
Published: Aug 12 2014 12:00AM
Updated: Jan 12 2017 12:14AM
Credit: Subodh Iyengar and Will Shackleton
Vulnerable: Ubuntu Ubuntu Linux 15.04
Ubuntu Ubuntu Linux 14.04 LTS
Ubuntu Ubuntu Linux 12.04 LTS
Redhat Software Collections 1 for RHEL 6 0
Redhat JBoss Fuse 6.1.0
Redhat JBoss Enterprise Application Platform 6.3
Redhat JBoss Enterprise Application Platform 6 EL6
Redhat JBoss Enterprise Application Platform 6 EL5
Redhat JBoss BRMS 6.0.3
Redhat Jboss Bpm Suite 6.0.3
Redhat Jboss Bpm Suite 6.0.1
Redhat Jboss Bpm Suite 6.0.0
Redhat JBoss A-MQ 6.1.0
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server EUS 6.5.z
Redhat Enterprise Linux Server AUS 6.5
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node 7
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop Workstation 5 client
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux 5 Server
Oracle Enterprise Linux 7
Mandriva Business Server 1 X86 64
Mandriva Business Server 1
IBM ISALite for IBM InfoSphere Information Server 11.5
IBM ISALite for IBM InfoSphere Information Server 11.3
IBM Infosphere Metadata Workbench 9.1
IBM Infosphere Metadata Workbench 8.7
IBM InfoSphere Metadata Asset Manager 9.1
IBM InfoSphere Metadata Asset Manager 8.7
IBM InfoSphere Information Server on Cloud 11.5
IBM InfoSphere Information Server Manager 9.1
IBM InfoSphere Information Server Manager 8.7
IBM InfoSphere Information Governance Catalog 11.5
IBM InfoSphere Information Governance Catalog 11.3
IBM InfoSphere FastTrack 11.5
IBM InfoSphere FastTrack 11.3
IBM InfoSphere DataStage XML Connector stage 9.1
IBM InfoSphere DataStage XML Connector stage 8.7
IBM InfoSphere DataStage XML Connector stage 8.5
IBM InfoSphere DataStage Hierarchical Data stage 11.5
IBM InfoSphere DataStage Hierarchical Data stage 11.3
IBM InfoSphere DataStage Connectors 9.1
IBM InfoSphere DataStage Connectors 8.7
IBM InfoSphere DataStage Connectors 8.5
IBM InfoSphere DataStage Connectors 11.5
IBM InfoSphere DataStage Connectors 11.3
IBM InfoSphere Data Quality Exception Console 11.5
IBM InfoSphere Data Quality Exception Console 11.3
IBM InfoSphere Business Glossary Client for Eclipse 9.1
IBM InfoSphere Business Glossary Client for Eclipse 8.7
IBM InfoSphere Business Glossary Client for Eclipse 8.5
IBM InfoSphere Business Glossary Client for Eclipse 11.5
IBM InfoSphere Business Glossary Client for Eclipse 11.3
IBM InfoSphere Business Glossary 9.1
IBM InfoSphere Business Glossary 8.7
IBM InfoSphere Blueprint Director 9.1
IBM InfoSphere Blueprint Director 8.7
IBM InfoSphere Blueprint Director 8.5
IBM InfoSphere Blueprint Director 11.3
IBM Bluemix Liberty for Java 1.6
IBM Bluemix Liberty for Java 1.5
IBM Bluemix Liberty for Java 1.3
IBM Bluemix Liberty for Java 1.12-20150130-1059
HP Network Node Manager i 9.20
HP Network Node Manager i 10.0
HP Helion Eucalyptus 4.3
CentOS CentOS 5
Avaya one-X Client Enablement Services 6.1 SP2
Avaya one-X Client Enablement Services 6.1 SP1
Avaya one-X Client Enablement Services 6.1
Apache HttpComponents HttpClient 4.2.2
Apache HttpComponents HttpClient 4.1.1
Apache HttpComponents HttpClient 4.3
Apache HttpComponents HttpClient 4.1
Apache HttpComponents HttpAsyncClient 4.0
Not Vulnerable: Redhat JBoss Fuse 6.2
Redhat JBoss BRMS 6.1
Redhat Jboss Bpm Suite 6.1
Redhat JBoss A-MQ 6.2
IBM Bluemix Liberty for Java 1.13-20150209-1122
HP Helion Eucalyptus 4.3.1
Avaya one-X Client Enablement Services 6.1 SP3
Apache HttpComponents HttpClient 4.3.5
Apache HttpComponents HttpAsyncClient 4.0.2


 
