RHSA-2015:1176HighCVSS 4.8

Red Hat Security Advisory: Red Hat JBoss Fuse 6.2.0 update

Published
June 23, 2015
Last Modified
June 27, 2026

🔗 CVE IDs covered (10)

📋 Description

CVE-2013-7397 — async-http-client: SSL/TLS certificate verification is disabled under certain conditions CVE-2013-7398 — async-http-client: missing hostname verification for SSL certificates CVE-2014-0363 — smack: incorrect X.509 certificate validation CVE-2014-0364 — smack: IQ response spoofing CVE-2014-3577 — CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2014-5075 — smack: MitM vulnerability CVE-2015-0226 — wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487) CVE-2015-0227 — wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property CVE-2015-1796 — Java: PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation CVE-2016-3088 — activemq: Fileserver web application vulnerability allowing RCE

🔗 References (16)