Unrated severityNVD Advisory· Published Jun 8, 2020· Updated Aug 4, 2024
CVE-2020-9040
CVE-2020-9040
Description
Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification.
Affected products
2- Couchbase/Server Java SDKdescription
Patches
Vulnerability mechanics
References
1- www.couchbase.com/resources/securitymitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.