8 matches found
CVE-2024-53990 AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...
CVE-2024-53990
The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...
GHSA-8H53-FJGG-G42G Insufficient Verification of Data Authenticity in Async Http Client
Async Http Client aka AHC or async-http-client before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a...
GHSA-5C66-6H6G-6Q6M Insufficient Verification of Data Authenticity in Async Http Client
main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client aka AHC or async-http-client before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate...
Insufficient Verification of Data Authenticity in Async Http Client
Async Http Client aka AHC or async-http-client before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a...
CVE-2013-7398
CVE-2013-7398 affects Async Http Client (async-http-client) before 1.9.0, where hostname verification is not required during X.509 certificate verification. This allows MITM attackers to spoof HTTPS servers with arbitrary valid certificates. Mitigation: upgrade to 1.9.0 or newer (vendor advisorie...
CVE-2013-7397
Async Http Client (AHC) prior to 1.9.0 fails to verify X.509 certificates unless both a keystore and a truststore are explicitly configured, enabling MITM via spoofed certificates in typical configurations. Affected component is the AHC Java library; exploitation would involve HTTPS usage with mi...
iSupport v1.8 Local file include vulnerability
iSupport v1.8 Local file Inclusion Vuln found by JuMp-Er http://www.ahc-security.org Script Name : iSupport version : 1.8 Vendor Site : http://www.idevspot.com/iSupport.php Exploit : http://www.site.com/iSupport/index.php?includefile=local file 3 StRoNiX, mawena, ML, n0th1ng...