main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
References
Configurations
History
07 Nov 2023, 02:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2015-06-24 16:59
Updated : 2024-02-28 15:21
NVD link : CVE-2013-7398
Mitre link : CVE-2013-7398
CVE.ORG link : CVE-2013-7398
JSON object : View
Products Affected
async-http-client_project
- async-http-client
redhat
- jboss_fuse
CWE
CWE-345
Insufficient Verification of Data Authenticity