VYPR
Unrated severityNVD Advisory· Published Jun 8, 2020· Updated Aug 4, 2024

CVE-2020-9040

CVE-2020-9040

Description

Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification.

Affected products

2
  • Couchbase/Server Java SDKdescription
  • Eclipse/Java SDKllm-fuzzy
    Range: <2.7.1.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.