CVE-2020-9040

2020-06-08T16:15:00
ID CVE-2020-9040
Type cve
Reporter cve@mitre.org
Modified 2020-06-11T16:45:00

Description

Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification.