VYPR

Maven package

edu.vt.middleware/vt-ldap

pkg:maven/edu.vt.middleware/vt-ldap

Vulnerabilities (1)

  • CVE-2014-3607MedJan 8, 2018
    affected < 3.3.8fixed 3.3.8

    DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid ce