VYPR

CWE-297

Improper Validation of Certificate with Host Mismatch

VariantIncompleteLikelihood: High

Description

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (40)

page 1 of 2
  • CVE-2026-35563HigJun 1, 2026
    risk 0.55cvss 8.5epss 0.00

    It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification …

  • CVE-2018-10936HigAug 30, 2018
    risk 0.53cvss 8.1epss 0.03

    A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a…

  • CVE-2025-25253HigOct 14, 2025
    risk 0.49cvss 7.5epss 0.00

    An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions…

  • CVE-2024-34447HigMay 3, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an…

  • CVE-2026-44393HigJun 4, 2026
    risk 0.48cvss 7.4epss 0.00

    An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl_ca_file is configured, the driver enables certificate chain validation but does…

  • CVE-2026-26214HigFeb 12, 2026
    risk 0.48cvss 7.4epss 0.00

    Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpClient(), the SDK configures Apache HttpClient with…

  • CVE-2024-37015HigAug 13, 2024
    risk 0.48cvss 7.4epss 0.00

    An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers.

  • CVE-2024-12925HigSep 1, 2025
    risk 0.47cvss 7.3epss 0.00

    Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting. This issue affects QR Menü: from s1.05.05 before v1.05.12.

  • CVE-2026-42790HigMay 27, 2026
    risk 0.46cvss 8.1epss 0.00

    Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints…

  • CVE-2025-3501HigApr 29, 2025
    risk 0.46cvss 8.2epss 0.00

    A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

  • CVE-2026-44467MedMay 13, 2026
    risk 0.44cvss 6.8epss 0.00

    The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without…

  • CVE-2024-2462MedJun 11, 2024
    risk 0.44cvss epss 0.00

    Allow attackers to intercept or falsify data exchanges between the client and the server

  • CVE-2016-1280MedSep 9, 2016
    risk 0.42cvss 6.5epss 0.01

    PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R7, 15.1 before 15.1R4, 15.1X49 before…

  • CVE-2026-41603HigApr 28, 2026
    risk 0.41cvss 7.4epss 0.00

    Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

  • CVE-2026-43869HigMay 5, 2026
    risk 0.40cvss 7.3epss 0.00

    Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

  • CVE-2017-2912MedNov 7, 2017
    risk 0.38cvss 5.9epss 0.01

    An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server…

  • CVE-2017-2911MedNov 7, 2017
    risk 0.38cvss 5.9epss 0.01

    An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server…

  • CVE-2026-22747MedApr 22, 2026
    risk 0.37cvss 6.8epss 0.00

    Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker…

  • CVE-2026-12162MedJun 16, 2026
    risk 0.36cvss 5.5epss 0.00

    Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain.

  • CVE-2026-34477MedApr 10, 2026
    risk 0.31cvss 5.9epss 0.00

    The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName …