Описание
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.4.1 (включая)
cpe:2.3:a:java-websocket_project:java-websocket:*:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00191
Низкий
9 Critical
CVSS3
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-297
CWE-295
Связанные уязвимости
CVSS3: 8.1
redhat
почти 6 лет назад
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.
CVSS3: 9
github
больше 5 лет назад
Improper Validation of Certificate with Host Mismatch in Java-WebSocket
EPSS
Процентиль: 41%
0.00191
Низкий
9 Critical
CVSS3
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-297
CWE-295