Common Weakness Enumeration

CWE-297

Allowed

Improper Validation of Certificate with Host Mismatch

Abstraction: Variant · Status: Incomplete

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

101 vulnerabilities reference this CWE, most recent first.

GHSA-76QH-XR7Q-H39M

Vulnerability from github – Published: 2026-06-04 18:30 – Updated: 2026-07-15 22:30
VLAI
Summary
OpenStack oslo.messaging does not verify RabbitMQ broker hostname during TLS handshake
Details

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl_ca_file is configured, the driver enables certificate chain validation but does not pass the expected broker hostname into the underlying TLS stack. Any certificate signed by the deployment CA is accepted regardless of hostname, allowing an attacker who can intercept control-plane traffic to impersonate the RabbitMQ broker and perform a man-in-the-middle attack on RPC and notification traffic. All OpenStack services using oslo.messaging with RabbitMQ over TLS are affected.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "oslo.messaging"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "last_affected": "17.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44393"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-297",
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-15T22:30:07Z",
    "nvd_published_at": "2026-06-04T16:16:38Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl_ca_file is configured, the driver enables certificate chain validation but does not pass the expected broker hostname into the underlying TLS stack. Any certificate signed by the deployment CA is accepted regardless of hostname, allowing an attacker who can intercept control-plane traffic to impersonate the RabbitMQ broker and perform a man-in-the-middle attack on RPC and notification traffic. All OpenStack services using oslo.messaging with RabbitMQ over TLS are affected.",
  "id": "GHSA-76qh-xr7q-h39m",
  "modified": "2026-07-15T22:30:07Z",
  "published": "2026-06-04T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44393"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-44393"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/oslo.messaging/+bug/2150316"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484835"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/oslo.messaging"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44393.json"
    },
    {
      "type": "WEB",
      "url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0096"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenStack oslo.messaging does not verify RabbitMQ broker hostname during TLS handshake"
}

GHSA-7J7J-66CV-M239

Vulnerability from github – Published: 2024-04-25 18:31 – Updated: 2024-11-18 16:26
VLAI
Summary
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Details

Impact

ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email.

While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism for (T)OTP checks.

Patches

2.x versions are fixed on >= 2.50.0

Workarounds

There is no workaround since a patch is already available.

References

None

Questions

If you have any questions or comments about this advisory, please email us at security@zitadel.com

Credits

Thanks to Jack Moran from Layer 9 Information Security, Ethan from zxsecurity and Amit Laish from GE Vernova for finding and reporting the vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/zitadel/zitadel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.50.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-32868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-297",
      "CWE-307"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T18:31:31Z",
    "nvd_published_at": "2024-04-26T00:15:08Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email.\n\nWhile ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed password check attempts, there was no such mechanism for (T)OTP checks.\n\n### Patches\n2.x versions are fixed on \u003e= [2.50.0](https://github.com/zitadel/zitadel/releases/tag/v2.50.0)\n\n### Workarounds\nThere is no workaround since a patch is already available.\n\n### References\nNone\n\n### Questions\nIf you have any questions or comments about this advisory, please email us at [security@zitadel.com](mailto:security@zitadel.com)\n\n### Credits\n\nThanks to Jack Moran from Layer 9 Information Security, Ethan from zxsecurity and Amit Laish from GE Vernova for finding and reporting the vulnerability. \n",
  "id": "GHSA-7j7j-66cv-m239",
  "modified": "2024-11-18T16:26:40Z",
  "published": "2024-04-25T18:31:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-7j7j-66cv-m239"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32868"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/zitadel/zitadel"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zitadel/zitadel/releases/tag/v2.50.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "ZITADEL\u0027s Improper Lockout Mechanism Leads to MFA Bypass"
}

GHSA-7JWG-HQ85-C6M6

Vulnerability from github – Published: 2022-09-22 00:00 – Updated: 2022-12-06 19:50
VLAI
Summary
Jenkins SmallTest Plugin missing hostname validation
Details

Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. There is currently no known workaround or fix for this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.smalltest:smalltest"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41243"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-297"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-23T13:31:37Z",
    "nvd_published_at": "2022-09-21T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections. There is currently no known workaround or fix for this issue.",
  "id": "GHSA-7jwg-hq85-c6m6",
  "modified": "2022-12-06T19:50:46Z",
  "published": "2022-09-22T00:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41243"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/smalltest-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2068"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins SmallTest Plugin missing hostname validation"
}

GHSA-7PWC-H2J2-RJGJ

Vulnerability from github – Published: 2026-05-05 09:31 – Updated: 2026-06-02 22:10
VLAI
Summary
Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability
Details

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.22.0"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.thrift:libthrift"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.23.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-43869"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-297"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-08T19:19:58Z",
    "nvd_published_at": "2026-05-05T08:16:01Z",
    "severity": "HIGH"
  },
  "details": "Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.\n\nThis issue affects Apache Thrift: before 0.23.0.\n\nUsers are recommended to upgrade to version [0.23.0](https://github.com/apache/thrift/releases/tag/v0.23.0), which fixes the issue.",
  "id": "GHSA-7pwc-h2j2-rjgj",
  "modified": "2026-06-02T22:10:43Z",
  "published": "2026-05-05T09:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/thrift/commit/0919c3d5506151514e283a63e1fe1ce83e2449d8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/thrift"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/thrift/releases/tag/v0.23.0"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/05/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability"
}

GHSA-7Q9P-CX8R-RH2Q

Vulnerability from github – Published: 2026-01-08 12:30 – Updated: 2026-01-08 15:31
VLAI
Details

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-15079"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-297"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-08T10:15:47Z",
    "severity": "MODERATE"
  },
  "details": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.",
  "id": "GHSA-7q9p-cx8r-rh2q",
  "modified": "2026-01-08T15:31:25Z",
  "published": "2026-01-08T12:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3477116"
    },
    {
      "type": "WEB",
      "url": "https://curl.se/docs/CVE-2025-15079.html"
    },
    {
      "type": "WEB",
      "url": "https://curl.se/docs/CVE-2025-15079.json"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/01/07/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7XRH-HQFC-G7QR

Vulnerability from github – Published: 2026-03-07 09:30 – Updated: 2026-03-10 19:32
VLAI
Summary
Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
Details

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must present a certificate which is trusted by ZKTrustManager which makes the attack vector harder to exploit. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue by introducing a new configuration option to disable reverse DNS lookup in client and quorum protocols.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.zookeeper:zookeeper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.8.0"
            },
            {
              "fixed": "3.8.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.zookeeper:zookeeper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.9.0"
            },
            {
              "fixed": "3.9.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-24281"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295",
      "CWE-297"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-10T19:32:52Z",
    "nvd_published_at": "2026-03-07T09:16:07Z",
    "severity": "HIGH"
  },
  "details": "Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It\u0027s important to note that attacker must present a certificate which is trusted by ZKTrustManager which makes the attack vector harder to exploit. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue by introducing a new configuration option to disable reverse DNS lookup in client and quorum protocols.",
  "id": "GHSA-7xrh-hqfc-g7qr",
  "modified": "2026-03-10T19:32:52Z",
  "published": "2026-03-07T09:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24281"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/zookeeper/commit/66c4efecdda1302d9cfb3af9eedb122b74452bf3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/zookeeper"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/ZOOKEEPER-4986"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/088ddsbrzhd5lxzbqf5n24yg0mwh9jt2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/07/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager"
}

GHSA-85RW-G4F4-JPRR

Vulnerability from github – Published: 2026-06-01 09:31 – Updated: 2026-07-07 23:46
VLAI
Summary
Apache Directory LDAP API lacks server certificate verification for LDAP hostnames
Details

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid certificate issued for an entirely unrelated host to be improperly accepted. This oversight leaves the connection highly vulnerable to server impersonation and complete connection compromise.

The root cause of this vulnerability lies in the incomplete TLS server identity verification within the LDAP client implementation.

The attacker requires MITM capability on the network to exploit this vulnerability. This attacker must be able to present a certificate trusted by the client's configured trust store.

The hostname verification has been enforced in the new version of the LDAP API.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.directory.api:api-ldap-client-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.1.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35563"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-297"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-07T23:46:48Z",
    "nvd_published_at": "2026-06-01T08:16:20Z",
    "severity": "HIGH"
  },
  "details": "It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP  hostname. While the underlying code validates the certificate chain  against a trusted authority, the absence of endpoint identification  allows a valid certificate issued for an entirely unrelated host to be improperly accepted. This oversight leaves the connection highly vulnerable to server impersonation and complete connection compromise.\n\nThe root cause of this vulnerability lies in the incomplete TLS server identity verification within the LDAP client implementation.\n\nThe attacker requires MITM capability on the network to exploit this vulnerability. This attacker must be able to present a certificate trusted by the client\u0027s configured trust store.\n\nThe hostname verification has been enforced in the new version of the LDAP API.",
  "id": "GHSA-85rw-g4f4-jprr",
  "modified": "2026-07-07T23:46:48Z",
  "published": "2026-06-01T09:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35563"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/directory-ldap-api/commit/57a7726d8b6436c74945c12f5ba4e12d232d2bac"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/directory-ldap-api"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/5rc2nzqxp1m9wknyf93r8dnp46fhc1nn"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/06/01/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Directory LDAP API lacks server certificate verification for LDAP hostnames"
}

GHSA-8PP4-FRH8-35PX

Vulnerability from github – Published: 2023-05-30 18:30 – Updated: 2024-04-04 04:23
VLAI
Details

Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24568"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295",
      "CWE-297"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-30T16:15:09Z",
    "severity": "MODERATE"
  },
  "details": "\nDell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates.\n\n",
  "id": "GHSA-8pp4-frh8-35px",
  "modified": "2024-04-04T04:23:24Z",
  "published": "2023-05-30T18:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24568"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000210963/dsa-2023-059-dell-networker-security-update-for-a-rabbitmq-vulnerability-related-to-improper-validation-of-hostname-in-rabbitmq-startup-script-which-fails-to-replace-ca-signed-certificates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8Q5C-2FV2-M4F5

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01
VLAI
Details

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-2911"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-297"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-07T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.",
  "id": "GHSA-8q5c-2fv2-m4f5",
  "modified": "2022-05-13T01:01:14Z",
  "published": "2022-05-13T01:01:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2911"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0418"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-962W-GJ84-VPR7

Vulnerability from github – Published: 2022-05-14 02:09 – Updated: 2022-05-14 02:09
VLAI
Details

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-3522"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-297"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-08-19T18:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.",
  "id": "GHSA-962w-gj84-vpr7",
  "modified": "2022-05-14T02:09:29Z",
  "published": "2022-05-14T02:09:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3522"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95090"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95311"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201610-05"
    },
    {
      "type": "WEB",
      "url": "https://subversion.apache.org/security/CVE-2014-3522-advisory.txt"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT204427"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59432"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59584"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60100"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60722"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/109996"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/69237"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2316-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design

Fully check the hostname of the certificate and provide the user with adequate information about the nature of the problem and how to proceed.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

No CAPEC attack patterns related to this CWE.