Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29136
HistoryMar 03, 2013 - 12:00 a.m.

Fwd: [SECURITY] CVE-2013-0253 Apache Maven 3.0.4

2013-03-0300:00:00
vulners.com
34
JSON

CVE-2013-0253 Apache Maven

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected:

  • Apache Maven 3.0.4
  • Apache Maven Wagon 2.1, 2.2, 2.3

Description:
Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure
SSL mode by default. This mode disables all SSL certificate checking,
including: host name verification , date validity, and certificate
chain. Not validating the certificate introduces the possibility of a
man-in-the-middle attack.

All users are recommended to upgrade to Apache Maven 3.0.5 and Apache
Maven Wagon 2.4.

Credit
This issue was identified by Graham Leggett


The Apache Maven Team

Related

redhat 1
cve 1
debiancve 1
veracode 2
nessus 1
ubuntucve 1
prion 1
securityvulns 1
redhat
redhat
(RHSA-2013:0700) Moderate: jenkins security update
2013-04-02 00:00:00
cve
cve
CVE-2013-0253
2013-04-09 20:55:00
debiancve
debiancve
CVE-2013-0253
2013-04-09 20:55:00
veracode
veracode
Man-in-the-middle (MITM) Through SSL Certificate Check Bypass
2014-06-08 00:44:46
Man-in-the-middle (MITM) Through SSL Certificate Check Bypass
2019-01-15 08:51:22
nessus
nessus
RHEL 6 : jenkins (RHSA-2013:0700)
2018-12-06 00:00:00
ubuntucve
ubuntucve
CVE-2013-0253
2013-04-09 00:00:00
prion
prion
Default configuration
2013-04-09 20:55:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-03-03 00:00:00
JSON
Related for SECURITYVULNS:DOC:29136
redhat1cve1debiancve1veracode2nessus1ubuntucve1prion1securityvulns1