Описание
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Fuse 7 | java-websocket | Not affected | ||
| Red Hat Integration Camel K 1 | java-websocket | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Important
Дефект:
CWE-297
https://bugzilla.redhat.com/show_bug.cgi?id=1835363java-websocket: WebSocketClient does not perform SSL hostname validation
EPSS
Процентиль: 41%
0.00191
Низкий
8.1 High
CVSS3
Связанные уязвимости
CVSS3: 9
nvd
почти 6 лет назад
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.
CVSS3: 9
github
больше 5 лет назад
Improper Validation of Certificate with Host Mismatch in Java-WebSocket
EPSS
Процентиль: 41%
0.00191
Низкий
8.1 High
CVSS3