CVE-2013-7398
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2013-7398
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Async Http Client 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Async Http Client(又名AHC或async-http-client)是一个允许Java应用程序执行HTTP请求和异步处理该HTTP响应的客户端库。 Async Http Client 1.9.0之前版本的main/java/com/ning/http/client/AsyncHttpClientConfig.java文件中存在安全漏洞,该漏洞源于程序验证X.509证书时没有要求匹配主机名。攻击者可借助任意有效的证书利用该漏洞实施中间人攻击,欺骗HTTPS服务器。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2013-7398
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2013-7398
Please Login to view more intelligence information
- Jenkins Security Advisory 2016-06-20x_refsource_CONFIRM
- https://github.com/AsyncHttpClient/async-http-client/issues/197x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2013-7398
Same Patch Batch · n/a · 2015-06-24 · 27 CVEs total
| CVE-2015-2308 | Sensio Labs Symfony HttpKernel 代码注入漏洞 | |
| CVE-2015-4219 | Cisco Secure Access Control System和Cisco Identity Services Engine 信息泄露漏洞 | |
| CVE-2015-4218 | Cisco Jabber 信息泄露漏洞 | |
| CVE-2015-4215 | Cisco Wireless LAN Controller 资源管理错误漏洞 | |
| CVE-2015-4214 | Cisco Unified MeetingPlace 信息泄露漏洞 | |
| CVE-2015-4213 | Cisco Nexus 9000 NX-OS 信息泄露漏洞 | |
| CVE-2015-4212 | Cisco WebEx Meeting Center 信息泄露漏洞 | |
| CVE-2015-4211 | Cisco AnyConnect Secure Mobility Client 权限许可和访问控制漏洞 | |
| CVE-2015-4208 | Cisco WebEx Meeting Center 信息泄露漏洞 | |
| CVE-2015-3112 | Adobe Photoshop CC和Bridge CC 缓冲区溢出漏洞 | |
| CVE-2015-3111 | Adobe Photoshop CC和Bridge CC 基于堆的缓冲区溢出漏洞 | |
| CVE-2015-3110 | Adobe Photoshop CC和Bridge CC 数字错误漏洞 | |
| CVE-2015-3109 | Adobe Photoshop CC 缓冲区溢出漏洞 | |
| CVE-2013-7397 | async-http-client 安全漏洞 | |
| CVE-2014-4875 | Toshiba CHEC Hardcoded Cryptographic Key 信息泄露漏洞 | |
| CVE-2015-5068 | SAP Mobile Platform 外部实体漏洞 | |
| CVE-2015-5067 | SAP NetWeaver Cross-System Tools和Data Transfer Workbench组件信任管理漏洞 | |
| CVE-2015-5066 | MetalGenix GeniXCMS 跨站脚本漏洞 | |
| CVE-2015-5065 | WordPress Paypal Currency Converter Basic For WooCommerce插件绝对路径遍历漏洞 | |
| CVE-2015-5064 | MySql Lite Administrator 跨站脚本漏洞 |
Showing top 20 of 27 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8251
Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qo - CVE-2026-8250
Open5GS SMF n4-build.c smf_n4_build_qos_flow_to_modify_list - CVE-2026-8249
Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qo - CVE-2026-8248
Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qo - CVE-2026-8226
Open5GS types.c ogs_pcc_rule_install_flow_from_media denial
V. Comments for CVE-2013-7398
No comments yet