CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2 matches found

Prion•added 2015/06/24 4:59 p.m.•28 views

Design/Logic Flaw

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client aka AHC or async-http-client before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate...

4.3CVSS6.8AI score0.01049EPSS

Exploits0References10Affected Software2

CVE•added 2015/06/24 4:0 p.m.•88 views

CVE-2013-7398

CVE-2013-7398 affects Async Http Client (async-http-client) before 1.9.0, where hostname verification is not required during X.509 certificate verification. This allows MITM attackers to spoof HTTPS servers with arbitrary valid certificates. Mitigation: upgrade to 1.9.0 or newer (vendor advisorie...

4.3CVSS8.9AI score0.01049EPSS

Exploits0References10Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by