AsyncHttpClient SSL Host Name Verification Security Weakness
BID:69317
Info
AsyncHttpClient SSL Host Name Verification Security Weakness
| Bugtraq ID: | 69317 |
| Class: | Design Error |
| CVE: |
CVE-2013-7398 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 20 2014 12:00AM |
| Updated: | Jul 05 2016 10:40PM |
| Credit: | Arun Babu Neelicattu |
| Vulnerable: |
Jenkins CI Jenkins 1.409.3 Jenkins CI Jenkins 1.454 Jenkins CI Jenkins 1.452 Jenkins CI Jenkins 1.451 Jenkins CI Jenkins 1.447 Jenkins CI Jenkins 1.446 Jenkins CI Jenkins 1.438 Jenkins CI Jenkins 1.424.5.1 Jenkins CI Jenkins 1.424.5 Jenkins CI Jenkins 1.424.3 Jenkins CI Jenkins 1.424.2 Jenkins CI Jenkins 1.424.1 Jenkins CI Jenkins 1.408 Jenkins CI Jenkins 1.400.0.13 Jenkins CI Jenkins 1.400.0.12 |
| Not Vulnerable: | |
Discussion
AsyncHttpClient SSL Host Name Verification Security Weakness
AsyncHttpClient is prone to a security weakness.
An attacker may leverage this issue to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
AsyncHttpClient is prone to a security weakness.
An attacker may leverage this issue to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
Exploit / POC
AsyncHttpClient SSL Host Name Verification Security Weakness
An attacker can use readily available network utilities to exploit this issue.
An attacker can use readily available network utilities to exploit this issue.
Solution / Fix
AsyncHttpClient SSL Host Name Verification Security Weakness
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
AsyncHttpClient SSL Host Name Verification Security Weakness
References:
References: