CVE-2013-7398 – async-http-client: missing hostname verification for SSL certificates
https://notcve.org/view.php?id=CVE-2013-7398
main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. main/java/com/ning/http/client/AsyncHttpClientConfig.java en Async Http Client (también conocido como AHC o async-http-client) anterior a 1.9.0 no requiere una coincidencia de nombre de anfitrión durante la verificación de los certificados X.509, lo que permite a atacantes man-in-the-middle falsificar servidores HTTPS a través de un certificado válido arbitrario. It was found that async-http-client did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. • http://openwall.com/lists/oss-security/2014/08/26/1 http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://rhn.redhat.com/errata/RHSA-2015-1176.html http://rhn.redhat.com/errata/RHSA-2015-1551.html http://www.securityfocus.com/bid/69317 https://github.com/AsyncHttpClient/async-http-client/issues/197 https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E https://l • CWE-297: Improper Validation of Certificate with Host Mismatch CWE-345: Insufficient Verification of Data Authenticity •
CVE-2013-7397 – async-http-client: SSL/TLS certificate verification is disabled under certain conditions
https://notcve.org/view.php?id=CVE-2013-7397
Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates. Async Http Client (también conocido como AHC o async-http-client) anterior a 1.9.0 salta la verificación los certificados X.509 a no ser que tanto una localización keyStore y una localización trustStore estén configuradas explícitamente, lo que permite a atacantes man-in-the-middle falsificar servidores HTTPS mediante la presentación de un certificado arbitrario durante el uso de una configuración AHC típica, tal y como fue demostrado por una configuración que no envía certificados de cliente. It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle (MITM) attacker could use this flaw to spoof a valid certificate. • http://openwall.com/lists/oss-security/2014/08/26/1 http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://rhn.redhat.com/errata/RHSA-2015-1176.html http://rhn.redhat.com/errata/RHSA-2015-1551.html http://www.securityfocus.com/bid/69316 https://github.com/AsyncHttpClient/async-http-client/issues/352 https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E https://l • CWE-295: Improper Certificate Validation CWE-345: Insufficient Verification of Data Authenticity •
CVE-2008-5045 – FTP Now 2.6 Server - Response Remote Crash (PoC)
https://notcve.org/view.php?id=CVE-2008-5045
Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long. Desbordamiento de búfer basado en pila en Network-Client FTP Now v2.6, y posiblemente otras versiones, permiten a los servidores FTP remotos provocar una denegación de servicio (caída) a través de una respuesta de servidor del tipo 200 que tiene un tamaño de 1024 caracteres. • https://www.exploit-db.com/exploits/6926 http://securityreason.com/securityalert/4583 http://www.securityfocus.com/bid/32080 https://exchange.xforce.ibmcloud.com/vulnerabilities/46319 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-1094 – FTP Now 2.6.14 - Local Password Disclosure
https://notcve.org/view.php?id=CVE-2005-1094
FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. • https://www.exploit-db.com/exploits/918 http://secunia.com/advisories/14889 http://securitytracker.com/id?1013657 http://www.osvdb.org/15296 https://exchange.xforce.ibmcloud.com/vulnerabilities/20025 •