86 matches found
CVE-2016-2402
CVE-2016-2402 affects OkHttp, where MITM bypass of certificate pinning is possible. The vulnerability occurs when an attacker presents a certificate chain containing a non-pinned trusted CA alongside the pinned certificate, enabling bypass of pinning checks in OkHttp before 2.7.4 and in 3.x befor...
CVE-2016-2402
OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate...
Square Open Source: Cache poisoning for okhttp
If an attacker can control the Host header this can be used to poison the cache. This becomes extra dangerous if the library were to be used to build a caching proxy...
Fedora 23 : okhttp-2.7.4-1.fc23 / okio-1.6.0-1.fc23 (2016-65b7608d8b)
This update fixes a security vulnerability which allows an attacker to bypass certificate pinning and cause OkHttp not to validate that the pinned certificate was in the chain to a trusted certificate authority. Note that Tenable Network Security has extracted the preceding description block...
Fedora Update for okhttp FEDORA-2016-65
The remote host is missing an update for the...
Square OkHttp Security Bypass Vulnerability
Square OkHttp is a set of HTTP and HTTP/2 client software for Android and Java applications. A security vulnerability exists in Square OkHttp that could be exploited by remote attackers to bypass security restrictions and perform unauthorized operations...