View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2013-7397 medium priority: Ubuntu including 1 source packages (async-http-client), 20 status rows across 20 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hirsute, impish, jammy, lucid, precise, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): not-affected 13, ignored 4, released 2, DNE 1.
Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates.