Lucene search
PRIOn knowledge basePRION:CVE-2022-32531HistoryDec 15, 2022 - 7:15 p.m.
Design/Logic Flaw
2022-12-1519:15:00
PRIOn knowledge base
www.prio-n.com
7
apache bookkeeper
java client
tls hostname verification
The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bookkeeper | eq | 4.15.0 | |
| bookkeeper | eq | 4.15.0 rc0 | |
| bookkeeper | lt | 4.14.6 |
Related
rosalinux
rosalinux
Advisory ROSA-SA-2023-2196
2023-07-18 11:36:16
debiancve
debiancve
CVE-2022-32531
2022-12-15 19:15:17
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2022-32531
2022-12-15 00:00:00
nvd
nvd
CVE-2022-32531
2022-12-15 19:15:17
veracode
veracode
Man-in-the-Middle (MitM)
2022-12-16 06:25:10
osv
osv
Apache Bookkeeper vulnerable to Improper Certificate Validation
2022-12-15 21:30:29
PYSEC-2022-43060
2022-12-15 19:15:00
CVE-2022-32531
2022-12-15 19:15:17
cve
cve
CVE-2022-32531
2022-12-15 19:15:17
github
github
Apache Bookkeeper vulnerable to Improper Certificate Validation
2022-12-15 21:30:29