VDB

GCVE-110-MAGEIA-2015-212

GCVE-110-MAGEIA-2015-212
Advisory Published
Vulnetix · Advisory published May 11, 2015
Updated async-http-client packages fix security vulnerabilities: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also uses client certificates. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can spoof a valid certificate (CVE-2013-7397). It was found that async-http-client did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name (CVE-2013-7398).

Affected Products

VendorProductVersionsPlatforms
Mageiasquid0 (affected), 3.4.13-1.2.mga5 (unaffected)
Mageiaasync-http-client0 (affected), 1.7.22-1.mga4 (unaffected), 0 (affected), 1.7.22-1.mga4 (unaffected)

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›