Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-GCFG-HMWX-WQ5H

Vulnerability from github – Published: 2024-09-09 18:18 – Updated: 2024-09-09 18:18
VLAI
Summary
Httpful is Missing Certificate Validation
Details

Httpful has Insecure HTTPS Connections due to Missing Default Certificate Validation

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "nategood/httpful"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-09T18:18:15Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Httpful has Insecure HTTPS Connections due to Missing Default Certificate Validation",
  "id": "GHSA-gcfg-hmwx-wq5h",
  "modified": "2024-09-09T18:18:15Z",
  "published": "2024-09-09T18:18:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nategood/httpful/issues/247"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nategood/httpful/commit/44c880e4f559e9215dc6ea9fe50315500c6c2c84"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/nategood/httpful/2024-05-01.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nategood/httpful"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nategood/httpful/blob/fc8e4274a09529a6ff29b9c6c0a105ee43dbfda5/src/Httpful/Request.php#L35"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/8d59c089-92f1-4b73-90f8-54968a70e2fb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Httpful is Missing Certificate Validation"
}

GHSA-GCMR-993X-2G5Q

Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2024-03-21 03:33
VLAI
Details

** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Missing validation checks on CRL presence or CRL staleness in the X509-based RPKI certificate-tree validation procedure allow remote attackers to bypass intended access restrictions by using revoked certificates. NOTE: there may be counterarguments related to backwards compatibility.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16162"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-30T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Missing validation checks on CRL presence or CRL staleness in the X509-based RPKI certificate-tree validation procedure allow remote attackers to bypass intended access restrictions by using revoked certificates. NOTE: there may be counterarguments related to backwards compatibility.",
  "id": "GHSA-gcmr-993x-2g5q",
  "modified": "2024-03-21T03:33:55Z",
  "published": "2022-05-24T17:24:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16162"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RIPE-NCC/rpki-validator-3/issues/162"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RIPE-NCC/rpki-validator-3/issues/232"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GCP8-45QV-X5W6

Vulnerability from github – Published: 2025-02-06 21:32 – Updated: 2025-02-06 21:32
VLAI
Details

2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47258"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295",
      "CWE-300"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-06T20:15:39Z",
    "severity": "HIGH"
  },
  "details": "2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices.",
  "id": "GHSA-gcp8-45qv-x5w6",
  "modified": "2025-02-06T21:32:09Z",
  "published": "2025-02-06T21:32:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47258"
    },
    {
      "type": "WEB",
      "url": "https://www.2n.com/en-GB/download/cve_2024_47258_acom_3_3_v1pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GF2V-9HP6-44QG

Vulnerability from github – Published: 2019-03-14 15:40 – Updated: 2022-09-17 00:32
VLAI
Summary
org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation
Details

Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.hive:hive"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.hive:hive"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.0.0"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.hive:hive-service"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.hive:hive-service"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.0.0"
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.hive:hive-exec"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.hive:hive-exec"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2016-3083"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:36:59Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server\u0027s certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn\u0027t seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through.",
  "id": "GHSA-gf2v-9hp6-44qg",
  "modified": "2022-09-17T00:32:32Z",
  "published": "2019-03-14T15:40:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3083"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-gf2v-9hp6-44qg"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98669"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation "
}

GHSA-GF47-QGG5-9G9Q

Vulnerability from github – Published: 2026-04-28 12:31 – Updated: 2026-07-09 15:32
VLAI
Details

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-41603"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295",
      "CWE-297"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-28T10:16:03Z",
    "severity": "HIGH"
  },
  "details": "Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
  "id": "GHSA-gf47-qgg5-9g9q",
  "modified": "2026-07-09T15:32:00Z",
  "published": "2026-04-28T12:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:14885"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:21769"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:22347"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:22423"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:23345"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:24539"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36882"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-41603"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463411"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41603.json"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/28/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GFF4-9RFX-4PCW

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34
VLAI
Details

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-28362"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-18T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.",
  "id": "GHSA-gff4-9rfx-4pcw",
  "modified": "2022-05-24T17:34:32Z",
  "published": "2022-05-24T17:34:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd@%3Cissues.trafficcontrol.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20201202-0004"
    },
    {
      "type": "WEB",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GG8H-RVX3-6C4C

Vulnerability from github – Published: 2023-06-02 18:30 – Updated: 2024-04-04 04:29
VLAI
Details

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0430"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-02T17:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird \u003c 102.7.1.",
  "id": "GHSA-gg8h-rvx3-6c4c",
  "modified": "2024-04-04T04:29:12Z",
  "published": "2023-06-02T18:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0430"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1769000"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GG97-R299-8CPM

Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-09-15 15:31
VLAI
Details

An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-50944"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T14:15:43Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate\u0027s expiration date, skipping proper TLS chain validation.",
  "id": "GHSA-gg97-r299-8cpm",
  "modified": "2025-09-15T15:31:24Z",
  "published": "2025-09-15T15:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50944"
    },
    {
      "type": "WEB",
      "url": "https://github.com/shinyColumn/CVE-2025-50944"
    },
    {
      "type": "WEB",
      "url": "https://shinycolumn.notion.site/eagleeyes-lite"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GGGH-R5VJ-86C3

Vulnerability from github – Published: 2022-05-17 02:46 – Updated: 2022-05-17 02:46
VLAI
Details

Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-7815"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-28T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.",
  "id": "GHSA-gggh-r5vj-86c3",
  "modified": "2022-05-17T02:46:12Z",
  "published": "2022-05-17T02:46:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7815"
    },
    {
      "type": "WEB",
      "url": "https://support.cybozu.com/ja-jp/article/9689"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN19241292/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95379"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GGV5-38C7-P4JR

Vulnerability from github – Published: 2024-02-13 03:30 – Updated: 2025-02-13 18:32
VLAI
Details

Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-13T03:15:09Z",
    "severity": "HIGH"
  },
  "details": "Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.",
  "id": "GHSA-ggv5-38c7-p4jr",
  "modified": "2025-02-13T18:32:14Z",
  "published": "2024-02-13T03:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25642"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3424610"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/May/26"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.