CVE-2013-7398

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client aka AHC or async-http-client before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate...

Code injection

Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate...

Apple iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check)

The version of Apple iTunes on the remote host is prior to version 11.0.3. It is, therefore, affected by multiple vulnerabilities : - An error exists related to certificate validation. A man-in-the-middle attacker can exploit this to spoof HTTPS servers, which allows the disclosure of sensitive...

Google Chrome 'JavaScript' And 'HTTPS' Multiple Vulnerabilities - Aug09

This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultvulnaug09.nasl 5055 2017-01-20 14:08:39Z teissa $ Google Chrome 'JavaScript' And 'HTTPS' Multiple Vulnerabilities - Aug09 Authors: Sharath S Copyright: Copyrig...

Design/Logic Flaw

Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the 1 MD2 or 2 MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409...

CVE-2009-2973

Removed by vendor...

CVE-2009-2973

Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the 1 MD2 or 2 MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409...