CVE-2014-3604 (Medium) detected in not-yet-commons-ssl-0.3.11.jar - autoclosed - autoclosed - autoclosed - autoclosed - autoclosed - autoclosed - autoclosed - Githubissues

SmartBear / ready-aws-plugin

4 stars 4 forks source link

CVE-2014-3604 (Medium) detected in not-yet-commons-ssl-0.3.11.jar - autoclosed - autoclosed - autoclosed - autoclosed - autoclosed - autoclosed - autoclosed #115

Closed mend-for-github-com[bot] closed 3 years ago

mend-for-github-com[bot] commented 3 years ago

CVE-2014-3604 - Medium Severity Vulnerability

Vulnerable Library - not-yet-commons-ssl-0.3.11.jar

A Java SSL component library

Library home page: http://juliusdavies.ca/

Path to dependency file: ready-aws-plugin/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-ssl/not-yet-commons-ssl/0.3.11/not-yet-commons-ssl-0.3.11.jar

Dependency Hierarchy: - ready-api-soapui-pro-1.3.0.jar (Root Library) - ready-api-soapui-1.3.0.jar - :x: **not-yet-commons-ssl-0.3.11.jar** (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Publish Date: 2014-10-25

URL: CVE-2014-3604

CVSS 2 Score Details (6.8)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3604

Release Date: 2014-10-25

Fix Resolution: 0.3.15

mend-for-github-com[bot] commented 3 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

mend-for-github-com[bot] commented 3 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

mend-for-github-com[bot] commented 3 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

mend-for-github-com[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

mend-for-github-com[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

mend-for-github-com[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

mend-for-github-com[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.