what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2013-7397

Status Candidate

Overview

Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates.

Related Files

Red Hat Security Advisory 2015-1551-01
Posted Aug 5, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1551-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are also fixed with this release: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle attacker could use this flaw to spoof a valid certificate.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2013-7397, CVE-2013-7398
SHA-256 | f81b1c7aa71caea5275592e1b3edd2a6dbb8b26ba81bf656af5c0616e8195285
Red Hat Security Advisory 2015-1176-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1176-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. The following security fixes are addressed in this release: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle attacker could use this flaw to spoof a valid certificate. It was found that async-http-client did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2013-7397, CVE-2013-7398, CVE-2014-0363, CVE-2014-0364, CVE-2014-3577, CVE-2014-4651, CVE-2014-5075, CVE-2014-8175, CVE-2015-0226, CVE-2015-0227, CVE-2015-1796
SHA-256 | 5b62a88300e3d3a984e66c33f540e2c9e0a241d1cb41eb116da6198f4b034f4c
Red Hat Security Advisory 2015-0851-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0851-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.1.0 serves as a replacement for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-2133, CVE-2013-4517, CVE-2013-7397, CVE-2013-7398, CVE-2014-0034, CVE-2014-0035, CVE-2014-0059, CVE-2014-0109, CVE-2014-0110, CVE-2014-3577, CVE-2014-3623, CVE-2014-7827, CVE-2014-7839, CVE-2014-8122, CVE-2014-8125
SHA-256 | 9c35a2e3da753f782421c5fae6cc800fdd2198541a72b87ddbb7e26976fb351a
Red Hat Security Advisory 2015-0850-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0850-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.1.0 serves as a replacement for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-2133, CVE-2013-4517, CVE-2013-7397, CVE-2013-7398, CVE-2014-0034, CVE-2014-0035, CVE-2014-0059, CVE-2014-0109, CVE-2014-0110, CVE-2014-3577, CVE-2014-3623, CVE-2014-7827, CVE-2014-7839, CVE-2014-8122, CVE-2014-8125
SHA-256 | 290b4f0a91f99c1bf88abbdb829b7cd88cf73b3f112a40d00f3e02cb6d9adc8c
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close