CWE-297
AllowedImproper Validation of Certificate with Host Mismatch
Abstraction: Variant · Status: Incomplete
The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.
101 vulnerabilities reference this CWE, most recent first.
GHSA-9GMG-HFCH-X94J
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2026-06-09 12:31An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy
{
"affected": [],
"aliases": [
"CVE-2025-25253"
],
"database_specific": {
"cwe_ids": [
"CWE-297"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T16:15:36Z",
"severity": "HIGH"
},
"details": "An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy",
"id": "GHSA-9gmg-hfch-x94j",
"modified": "2026-06-09T12:31:59Z",
"published": "2025-10-14T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25253"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-457"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9GQ9-G9HM-VM5F
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2017-2913"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-297"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-07T16:29:00Z",
"severity": "MODERATE"
},
"details": "An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.",
"id": "GHSA-9gq9-g9hm-vm5f",
"modified": "2022-05-13T01:01:13Z",
"published": "2022-05-13T01:01:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2913"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0420"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9XR6-QF7M-2JV5
Vulnerability from github – Published: 2024-03-27 09:30 – Updated: 2025-07-30 21:31libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc).
{
"affected": [],
"aliases": [
"CVE-2024-2466"
],
"database_specific": {
"cwe_ids": [
"CWE-297"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-27T08:15:41Z",
"severity": "MODERATE"
},
"details": "libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc).",
"id": "GHSA-9xr6-qf7m-2jv5",
"modified": "2025-07-30T21:31:29Z",
"published": "2024-03-27T09:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2466"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2416725"
},
{
"type": "WEB",
"url": "https://curl.se/docs/CVE-2024-2466.html"
},
{
"type": "WEB",
"url": "https://curl.se/docs/CVE-2024-2466.json"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240503-0010"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214118"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214119"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214120"
},
{
"type": "WEB",
"url": "https://www.vicarius.io/vsociety/posts/tls-certificate-check-bypass-curl-with-mbedtls-cve-2024-2466-2468"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/19"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/20"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/27/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C597-F74M-JGC2
Vulnerability from github – Published: 2022-02-09 00:56 – Updated: 2021-04-01 21:57A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-parent"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-1758"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-297"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-01T21:57:32Z",
"nvd_published_at": "2020-05-15T19:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.",
"id": "GHSA-c597-f74m-jgc2",
"modified": "2021-04-01T21:57:32Z",
"published": "2022-02-09T00:56:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1758"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758"
},
{
"type": "WEB",
"url": "https://issues.redhat.com/browse/KEYCLOAK-13285"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak"
}
GHSA-C5CJ-HMH6-45PV
Vulnerability from github – Published: 2025-02-20 06:31 – Updated: 2025-03-11 15:30IBM OpenPages with Watson 8.3 and 9.0
could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery.
{
"affected": [],
"aliases": [
"CVE-2024-49782"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-297"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-20T04:15:10Z",
"severity": "MODERATE"
},
"details": "IBM OpenPages with Watson 8.3 and 9.0\u00a0\n\n\n\ncould allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery.",
"id": "GHSA-c5cj-hmh6-45pv",
"modified": "2025-03-11T15:30:57Z",
"published": "2025-02-20T06:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49782"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7183541"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C69W-JJ56-834W
Vulnerability from github – Published: 2021-12-16 14:12 – Updated: 2022-01-04 19:09Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default. - https://javaee.github.io/javamail/docs/SSLNOTES.txt - https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html - https://github.com/eclipse-ee4j/mail/issues/429
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.sling:org.apache.sling.commons.messaging.mail"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-44549"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-297"
],
"github_reviewed": true,
"github_reviewed_at": "2021-12-15T15:15:17Z",
"nvd_published_at": "2021-12-14T16:15:00Z",
"severity": "HIGH"
},
"details": "Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of \"man in the middle\" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default. - https://javaee.github.io/javamail/docs/SSLNOTES.txt - https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html - https://github.com/eclipse-ee4j/mail/issues/429",
"id": "GHSA-c69w-jj56-834w",
"modified": "2022-01-04T19:09:34Z",
"published": "2021-12-16T14:12:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44549"
},
{
"type": "WEB",
"url": "https://github.com/eclipse-ee4j/mail/issues/429"
},
{
"type": "PACKAGE",
"url": "https://github.com/eclipse-ee4j"
},
{
"type": "WEB",
"url": "https://javaee.github.io/javamail/docs/SSLNOTES.txt"
},
{
"type": "WEB",
"url": "https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/l8p9h2bqvkj6rhv4w8kzctb817415b7f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Apache Sling Commons Messaging Mail"
}
GHSA-CH5H-MPFR-FHXH
Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:06Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
{
"affected": [],
"aliases": [
"CVE-2019-13050"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-297"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-29T17:15:00Z",
"severity": "HIGH"
},
"details": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
"id": "GHSA-ch5h-mpfr-fhxh",
"modified": "2024-04-04T01:06:52Z",
"published": "2022-05-24T16:49:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13050"
},
{
"type": "WEB",
"url": "https://twitter.com/lambdafu/status/1147162583969009664"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K08654551"
},
{
"type": "WEB",
"url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CMXJ-WX9V-52QR
Vulnerability from github – Published: 2022-05-14 03:59 – Updated: 2022-07-07 22:38Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "ca.juliusdavies:not-yet-commons-ssl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.15"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-3604"
],
"database_specific": {
"cwe_ids": [
"CWE-297"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-07T22:38:20Z",
"nvd_published_at": "2014-10-25T00:55:00Z",
"severity": "MODERATE"
},
"details": "Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
"id": "GHSA-cmxj-wx9v-52qr",
"modified": "2022-07-07T22:38:20Z",
"published": "2022-05-14T03:59:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3604"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131803"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97659"
},
{
"type": "WEB",
"url": "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml"
},
{
"type": "WEB",
"url": "http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev\u0026revision=172"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL"
}
GHSA-F55W-8CJJ-X4PW
Vulnerability from github – Published: 2026-06-01 15:30 – Updated: 2026-06-01 15:30Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting.
This issue affects QR Menü: from s1.05.05 before v1.05.12.
{
"affected": [],
"aliases": [
"CVE-2024-12925"
],
"database_specific": {
"cwe_ids": [
"CWE-297"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-01T13:15:33Z",
"severity": "HIGH"
},
"details": "Improper Validation of Certificate with Host Mismatch vulnerability in Ak\u0131nsoft QR Men\u00fc allows HTTP Response Splitting.\n\nThis issue affects QR Men\u00fc: from s1.05.05 before v1.05.12.",
"id": "GHSA-f55w-8cjj-x4pw",
"modified": "2026-06-01T15:30:32Z",
"published": "2026-06-01T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12925"
},
{
"type": "WEB",
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0202"
},
{
"type": "WEB",
"url": "https://www.usom.gov.tr/bildirim/tr-25-0202"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-FRC3-7X76-JWP8
Vulnerability from github – Published: 2024-08-13 18:31 – Updated: 2024-08-13 21:31An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers.
{
"affected": [],
"aliases": [
"CVE-2024-37015"
],
"database_specific": {
"cwe_ids": [
"CWE-297"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-13T17:15:23Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers.",
"id": "GHSA-frc3-7x76-jwp8",
"modified": "2024-08-13T21:31:55Z",
"published": "2024-08-13T18:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37015"
},
{
"type": "WEB",
"url": "https://docs.adacore.com/corp/security-advisories/SEC.AWS-0031-v2.pdf"
},
{
"type": "WEB",
"url": "https://github.com/AdaCore/aws"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Fully check the hostname of the certificate and provide the user with adequate information about the nature of the problem and how to proceed.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
No CAPEC attack patterns related to this CWE.