Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-7398

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2014082...
CONFIRM: https://github.com/Asy...
REDHAT: RHSA-2015:1176
BID: 69317
REDHAT: RHSA-2015:1551
CONFIRM: https://wiki.jenkins-c...
REDHAT: RHSA-2015:0850
REDHAT: RHSA-2015:0851
MLIST: [pulsar-commits] 20190...
MLIST: [pulsar-commits] 20201...

Launchpad.net

CVE 2013-7398

Related bugs

References