Medium severity 5.9 · NVD Advisory · Published Jan 8, 2018 · Updated Jun 17, 2026
CVE-2014-3607
Description
DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| edu.vt.middleware:vt-ldap (Maven) | < 3.3.8 | 3.3.8 |
| edu.internet2.middleware:shibboleth-identityprovider (Maven) | < 2.4.2 | 2.4.2 |
Affected products
- ghsa-coords (2 versions)
  - (no CPE) range: < 2.4.2
  - (no CPE) range: < 3.3.8
References
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking, Patch, Third Party Advisory, WEB)
- shibboleth.net/community/advisories/secadv_20140919.txt (nvd; Third Party Advisory, WEB)
- code.google.com/archive/p/vt-middleware/issues/226 (nvd; Third Party Advisory, WEB)
- code.google.com/archive/p/vt-middleware/issues/227 (nvd; Third Party Advisory, WEB)
- code.google.com/archive/p/vt-middleware/issues/228 (nvd; Third Party Advisory, WEB)
- github.com/advisories/GHSA-273v-g3x4-r3rc (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2014-3607 (ghsa; ADVISORY)
- code.google.com/archive/p/vt-middleware/source/default/commits (ghsa; WEB)
- code.google.com/p/vt-middleware/source/detail (ghsa; WEB)