VDB
GCVE-110-MAGEIA-2015-212
GCVE-110-MAGEIA-2015-212
Advisory Published
Updated async-http-client packages fix security vulnerabilities:
It was found that async-http-client would disable SSL/TLS certificate
verification under certain conditions, for example if HTTPS communication also
uses client certificates. This can be exploited by a Man-in-the-middle (MITM)
attack where the attacker can spoof a valid certificate (CVE-2013-7397).
It was found that async-http-client did not verify that the server hostname
matched the domain name in the subject's Common Name (CN) or subjectAltName
field in X.509 certificates. This could allow a man-in-the-middle attacker to
spoof an SSL server if they had a certificate that was valid for any domain
name (CVE-2013-7398).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | squid | 0 (affected), 3.4.13-1.2.mga5 (unaffected) | — |
| Mageia | async-http-client | 0 (affected), 1.7.22-1.mga4 (unaffected), 0 (affected), 1.7.22-1.mga4 (unaffected) | — |
Aliases
References
Browse GCVE Records
72,148 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.