Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to...
7.4CVSS
7.3AI Score
0.001EPSS
Xfire 1.64 and earlier allows remote attackers to cause a denial of service (client application crash) via a long string to UDP port...
7AI Score
0.067EPSS