VYPR

CWE-297

Improper Validation of Certificate with Host Mismatch

Variant | Incomplete | Likelihood: High

Description

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (40)

page 2 of 2
  • CVE-2025-4295 | Med | Jul 22, 2025
    risk 0.30 | cvss 4.6 | epss 0.00

    Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting. This issue affects B2B: before 04.06.2025.

  • CVE-2026-54275 | low | Jun 15, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Summary: The `server_hostname` TLS SNI check can be bypassed when an existing connection is reused. Impact: If an application makes multiple requests to the same domain, but with different per-request `server_hostname` parameters, then the later calls may succeed by…

  • CVE-2026-24281 | Mar 7, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to…

  • CVE-2025-59060 | Mar 3, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue.

  • CVE-2025-68161 | Dec 18, 2025
    risk 0.00 | cvss n/a | epss 0.01

    The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName (https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName) …

  • CVE-2025-49015 | Jun 18, 2025
    risk 0.00 | cvss n/a | epss 0.00

    The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.

  • CVE-2025-46551 | May 7, 2025
    risk 0.00 | cvss n/a | epss 0.00

    JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 (corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1), when verifying SSL…

  • CVE-2024-8285 | Aug 30, 2024
    risk 0.00 | cvss n/a | epss 0.00

    A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the…

  • CVE-2024-41264 | Aug 1, 2024
    risk 0.00 | cvss n/a | epss 0.00

    An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method.

  • CVE-2024-32868 | Apr 25, 2024
    risk 0.00 | cvss n/a | epss 0.00

    ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed password check attempts, there…

  • CVE-2022-41244 | Sep 21, 2022
    risk 0.00 | cvss n/a | epss 0.01

    Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections.

  • CVE-2022-41243 | Sep 21, 2022
    risk 0.00 | cvss n/a | epss 0.01

    Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections.

  • CVE-2021-44549 | Dec 14, 2021
    risk 0.00 | cvss n/a | epss 0.02

    Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility…

  • CVE-2020-26234 | Dec 8, 2020
    risk 0.00 | cvss n/a | epss 0.00

    Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host.…

  • CVE-2020-1758 | May 15, 2020
    risk 0.00 | cvss n/a | epss 0.01

    A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.

  • CVE-2020-11050 | May 7, 2020
    risk 0.00 | cvss n/a | epss 0.01

    In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.

  • CVE-2014-3603 | Apr 4, 2019
    risk 0.00 | cvss n/a | epss 0.01

    The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509…

  • CVE-2014-3604 | Oct 25, 2014
    risk 0.00 | cvss n/a | epss 0.01

    Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid…

  • CVE-2014-3596 | Aug 27, 2014
    risk 0.00 | cvss n/a | epss 0.06

    The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a…

  • CVE-2014-3522 | Aug 19, 2014
    risk 0.00 | cvss n/a | epss 0.06

    The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted…