CVE-2014-3577 - log

CVE-2014-3577 edited at 07 Oct 2021 07:01:19
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Certificate verification bypass
Description
+ Jenkins 2.314 and earlier bundles a version of the commons-httpclient library with the vulnerability CVE-2014-3577 that incorrectly verified SSL/TLS certificates, making it susceptible to man-in-the-middle attacks.
References
+ https://www.jenkins.io/security/advisory/2021-10-06/#SECURITY-2475
Notes
CVE-2014-3577 created at 07 Oct 2021 06:59:52