CVE-2020-16163

2020-07-30T16:15:00
ID CVE-2020-16163
Type cve
Reporter cve@mitre.org
Modified 2020-08-06T14:04:00

Description

DISPUTED An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent routing systems. NOTE: third parties assert that the behavior is intentionally permitted by RFC 8182.