CVE-2013-7397
CVSS v2.0: 4.3 (Medium)
EPSS: 0.30 % (70th)
Affected Products: 2
Advisories: 2
Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates.
Weaknesses
- CWE-345: Insufficient Verification of Data Authenticity
- CVE Status: PUBLISHED
- CNA: MITRE
- Published Date: 2015-06-24 16:59:00 (9 years ago)
- Updated Date: 2023-11-07 02:18:03 (10 months ago)