Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-5c66-6h6g-6q6m

Опубликовано: 13 мая 2022
Источник: github
Github: Прошло ревью

Описание

Insufficient Verification of Data Authenticity in Async Http Client

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.

Ссылки

Пакеты

Наименование

com.ning:async-http-client

maven
Затронутые версииВерсия исправления

< 1.9.0

1.9.0

EPSS

Процентиль: 79%
0.01231
Низкий

CVE ID

CVE-2013-7398

Дефекты

CWE-345

Связанные уязвимости

ubuntu логотип

CVE-2013-7398

ubuntu
больше 10 лет назад

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.

redhat логотип

CVE-2013-7398

redhat
около 13 лет назад

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.

nvd логотип

CVE-2013-7398

nvd
больше 10 лет назад

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.

debian логотип

CVE-2013-7398

debian
больше 10 лет назад

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Htt ...

EPSS

Процентиль: 79%
0.01231
Низкий

CVE ID

CVE-2013-7398

Дефекты

CWE-345