ID CVE-2013-0253
Summary The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:maven:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:maven_wagon:2.1:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 16-04-2019 - 18:29)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
redhat via4
advisories
rhsa
id RHSA-2013:0700
rpms jenkins-0:1.506-1.el6op
refmap via4
confirm
mlist [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1
Last major update 16-04-2019 - 18:29
Published 09-04-2013 - 20:55
Last modified 16-04-2019 - 18:29