← Back

Async Http Client Project

async-http-client_project

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Async Http Client
async-http-client
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2013-7398
2Async Http Client Project
Redhat
2Async Http Client
Jboss Fuse
May 6, 2026
Jun 24, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-...Show more
main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.Show less
CVE-2013-7397
2Async Http Client Project
Redhat
2Async Http Client
Jboss Fuse
May 6, 2026
Jun 24, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to...Show more
Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates.Show less