CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-GCFG-HMWX-WQ5H
Vulnerability from github – Published: 2024-09-09 18:18 – Updated: 2024-09-09 18:18Httpful has Insecure HTTPS Connections due to Missing Default Certificate Validation
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "nategood/httpful"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-09T18:18:15Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Httpful has Insecure HTTPS Connections due to Missing Default Certificate Validation",
"id": "GHSA-gcfg-hmwx-wq5h",
"modified": "2024-09-09T18:18:15Z",
"published": "2024-09-09T18:18:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nategood/httpful/issues/247"
},
{
"type": "WEB",
"url": "https://github.com/nategood/httpful/commit/44c880e4f559e9215dc6ea9fe50315500c6c2c84"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/nategood/httpful/2024-05-01.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/nategood/httpful"
},
{
"type": "WEB",
"url": "https://github.com/nategood/httpful/blob/fc8e4274a09529a6ff29b9c6c0a105ee43dbfda5/src/Httpful/Request.php#L35"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/8d59c089-92f1-4b73-90f8-54968a70e2fb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Httpful is Missing Certificate Validation"
}
GHSA-GCMR-993X-2G5Q
Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2024-03-21 03:33** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Missing validation checks on CRL presence or CRL staleness in the X509-based RPKI certificate-tree validation procedure allow remote attackers to bypass intended access restrictions by using revoked certificates. NOTE: there may be counterarguments related to backwards compatibility.
{
"affected": [],
"aliases": [
"CVE-2020-16162"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-30T16:15:00Z",
"severity": "MODERATE"
},
"details": "** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Missing validation checks on CRL presence or CRL staleness in the X509-based RPKI certificate-tree validation procedure allow remote attackers to bypass intended access restrictions by using revoked certificates. NOTE: there may be counterarguments related to backwards compatibility.",
"id": "GHSA-gcmr-993x-2g5q",
"modified": "2024-03-21T03:33:55Z",
"published": "2022-05-24T17:24:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16162"
},
{
"type": "WEB",
"url": "https://github.com/RIPE-NCC/rpki-validator-3/issues/162"
},
{
"type": "WEB",
"url": "https://github.com/RIPE-NCC/rpki-validator-3/issues/232"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GCP8-45QV-X5W6
Vulnerability from github – Published: 2025-02-06 21:32 – Updated: 2025-02-06 21:322N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices.
{
"affected": [],
"aliases": [
"CVE-2024-47258"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-300"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-06T20:15:39Z",
"severity": "HIGH"
},
"details": "2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices.",
"id": "GHSA-gcp8-45qv-x5w6",
"modified": "2025-02-06T21:32:09Z",
"published": "2025-02-06T21:32:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47258"
},
{
"type": "WEB",
"url": "https://www.2n.com/en-GB/download/cve_2024_47258_acom_3_3_v1pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GF2V-9HP6-44QG
Vulnerability from github – Published: 2019-03-14 15:40 – Updated: 2022-09-17 00:32Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.hive:hive"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.hive:hive"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.0"
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.hive:hive-service"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.hive:hive-service"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.0"
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.hive:hive-exec"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.hive:hive-exec"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.0"
]
}
],
"aliases": [
"CVE-2016-3083"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:36:59Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server\u0027s certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn\u0027t seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through.",
"id": "GHSA-gf2v-9hp6-44qg",
"modified": "2022-09-17T00:32:32Z",
"published": "2019-03-14T15:40:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3083"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-gf2v-9hp6-44qg"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98669"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation "
}
GHSA-GF47-QGG5-9G9Q
Vulnerability from github – Published: 2026-04-28 12:31 – Updated: 2026-07-09 15:32Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2026-41603"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-297"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-28T10:16:03Z",
"severity": "HIGH"
},
"details": "Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version 0.23.0, which fixes the issue.",
"id": "GHSA-gf47-qgg5-9g9q",
"modified": "2026-07-09T15:32:00Z",
"published": "2026-04-28T12:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41603"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14885"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24539"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36882"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-41603"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463411"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41603.json"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GFF4-9RFX-4PCW
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2020-28362"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-18T17:15:00Z",
"severity": "HIGH"
},
"details": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.",
"id": "GHSA-gff4-9rfx-4pcw",
"modified": "2022-05-24T17:34:32Z",
"published": "2022-05-24T17:34:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd@%3Cissues.trafficcontrol.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20201202-0004"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GG8H-RVX3-6C4C
Vulnerability from github – Published: 2023-06-02 18:30 – Updated: 2024-04-04 04:29Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1.
{
"affected": [],
"aliases": [
"CVE-2023-0430"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-02T17:15:10Z",
"severity": "MODERATE"
},
"details": "Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird \u003c 102.7.1.",
"id": "GHSA-gg8h-rvx3-6c4c",
"modified": "2024-04-04T04:29:12Z",
"published": "2023-06-02T18:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0430"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1769000"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GG97-R299-8CPM
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-09-15 15:31An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation.
{
"affected": [],
"aliases": [
"CVE-2025-50944"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T14:15:43Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate\u0027s expiration date, skipping proper TLS chain validation.",
"id": "GHSA-gg97-r299-8cpm",
"modified": "2025-09-15T15:31:24Z",
"published": "2025-09-15T15:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50944"
},
{
"type": "WEB",
"url": "https://github.com/shinyColumn/CVE-2025-50944"
},
{
"type": "WEB",
"url": "https://shinycolumn.notion.site/eagleeyes-lite"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GGGH-R5VJ-86C3
Vulnerability from github – Published: 2022-05-17 02:46 – Updated: 2022-05-17 02:46Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.
{
"affected": [],
"aliases": [
"CVE-2016-7815"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-28T16:59:00Z",
"severity": "MODERATE"
},
"details": "Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.",
"id": "GHSA-gggh-r5vj-86c3",
"modified": "2022-05-17T02:46:12Z",
"published": "2022-05-17T02:46:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7815"
},
{
"type": "WEB",
"url": "https://support.cybozu.com/ja-jp/article/9689"
},
{
"type": "WEB",
"url": "http://jvn.jp/en/jp/JVN19241292/index.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95379"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GGV5-38C7-P4JR
Vulnerability from github – Published: 2024-02-13 03:30 – Updated: 2025-02-13 18:32Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.
{
"affected": [],
"aliases": [
"CVE-2024-25642"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-13T03:15:09Z",
"severity": "HIGH"
},
"details": "Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.",
"id": "GHSA-ggv5-38c7-p4jr",
"modified": "2025-02-13T18:32:14Z",
"published": "2024-02-13T03:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25642"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3424610"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/May/26"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.