Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2014-3577 - log back

CVE-2014-3577 edited at 07 Oct 2021 07:01:19

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Certificate verification bypass

Description

+	Jenkins 2.314 and earlier bundles a version of the commons-httpclient library with the vulnerability CVE-2014-3577 that incorrectly verified SSL/TLS certificates, making it susceptible to man-in-the-middle attacks.

References

+	https://www.jenkins.io/security/advisory/2021-10-06/#SECURITY-2475

Notes

CVE-2014-3577 created at 07 Oct 2021 06:59:52