9 matches found
CVE-2024-53990
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that ha...
CVE-2024-53990 AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that ha...
Insufficient Verification of Data Authenticity in Async Http Client
Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a...
GHSA-8H53-FJGG-G42G Insufficient Verification of Data Authenticity in Async Http Client
Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a...
GHSA-5C66-6H6G-6Q6M Insufficient Verification of Data Authenticity in Async Http Client
main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate...
org.apache.camel:camel-ahc-ws (>=2.14.0 <=2.15.4) potentially affected by CVE-2015-5348 via org.apache.camel:camel-ahc (>=2.14.0 <=2.15.4)
org.apache.camel:camel-ahc MAVEN version =2.14.0, =2.14.0, =2.15.4 Source cves: CVE-2015-5348 Source advisory: OSV:GHSA-26V6-W6FW-RH94...
CVE-2013-7397
Async Http Client (AHC) prior to 1.9.0 fails to verify X.509 certificates unless both a keystore and a truststore are explicitly configured, enabling MITM via spoofed certificates in typical configurations. Affected component is the AHC Java library; exploitation would involve HTTPS usage with mi...
CVE-2013-7398
CVE-2013-7398 affects Async Http Client (async-http-client) before 1.9.0, where hostname verification is not required during X.509 certificate verification. This allows MITM attackers to spoof HTTPS servers with arbitrary valid certificates. Mitigation: upgrade to 1.9.0 or newer (vendor advisorie...
iSupport v1.8 Local file include vulnerability
iSupport v1.8 Local file Inclusion Vuln found by JuMp-Er http://www.ahc-security.org Script Name : iSupport version : 1.8 Vendor Site : http://www.idevspot.com/iSupport.php Exploit : http://www.site.com/iSupport/index.php?includefile=local file 3 StRoNiX, mawena, ML, n0th1ng...