Описание
Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.7.1 (включая) до 2.7.1.1 (исключая)
cpe:2.3:a:couchbase:couchbase_server_java_sdk:*:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00138
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-295
Связанные уязвимости
github
больше 3 лет назад
Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification.
EPSS
Процентиль: 34%
0.00138
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-295