
CVE-2022-32531 Apache BookKeeper: Java Client Uses Connection to Host that Failed Hostname Verification

2022-12-15 10:17:19
CWE-295
apache
www.cve.org
apache bookkeeper
java client
tls hostname verification

AI Score: 5.8 Medium (confidence: High)

EPSS: 0.001 Low (percentile: 33.1%)

The Apache BookKeeper Java client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the BookKeeper client vulnerable to a man-in-the-middle attack.

The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1.
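The flaw described above, as a constructed Java illustration that is not BookKeeper's own code: the class and method names are assumptions, and the `HostnameVerifier` is assumed to be a caller-supplied implementation that actually matches names (the JDK's default verifier does not). The point is the difference between logging a failed check and tearing the connection down.

```java
import java.io.IOException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;

// Constructed illustration of the CVE-2022-32531 pattern; not BookKeeper's code.
public final class HostnameCheckAfterHandshake {

    // Vulnerable shape: the check runs after the handshake and a failure is only
    // logged, so the caller keeps using a socket to whoever presented a certificate
    // the trust store accepted. That is the man-in-the-middle window.
    static SSLSocket connectVulnerable(SSLSocket socket, String expectedHost,
                                       HostnameVerifier verifier) throws IOException {
        socket.startHandshake();
        if (!verifier.verify(expectedHost, socket.getSession())) {
            System.err.println("TLS hostname verification failed for " + expectedHost);
        }
        return socket; // still open and usable
    }

    // Fixed shape: a failed check closes the connection and surfaces an error, so
    // no application data can be sent over the unverified session.
    static SSLSocket connectFixed(SSLSocket socket, String expectedHost,
                                  HostnameVerifier verifier) throws IOException {
        socket.startHandshake();
        if (!verifier.verify(expectedHost, socket.getSession())) {
            socket.getSession().invalidate(); // keep it from being resumed
            socket.close();
            throw new SSLPeerUnverifiedException(
                    "certificate does not match host " + expectedHost);
        }
        return socket;
    }

    // Preferred shape on a modern JDK: ask the TLS layer to match the name during the
    // handshake. A mismatch fails the handshake itself, so there is never an open,
    // apparently verified socket that code can forget to close.
    static SSLSocket connectWithEndpointIdentification(SSLSocket socket) throws IOException {
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS"); // RFC 2818 style matching
        socket.setSSLParameters(params);
        socket.startHandshake(); // throws SSLHandshakeException on a name mismatch
        return socket;
    }
}
```

When auditing a client for this class of bug, look for the first shape: a hostname or certificate check whose failure branch has no `close()` and no exception on the path back to the caller.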

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache BookKeeper",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "4.14.5",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      },
      {
        "status": "affected",
        "version": "4.15.0"
      }
    ]
  }
]
