Lucene search
K

6 matches found

RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.6 views

netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

A flaw was found in Netty, a network application framework. This vulnerability allows a remote attacker to bypass hostname verification due to improper handling of user-supplied trust managers. When a client is configured with a plain X.509 Trust Manager X509TrustManager, it fails to perform...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/15 8:45 p.m.11 views

EUVD-2026-36465

Netty: Wrapping plain trust manager silently disables hostname verification...

7.5CVSS5.1AI score0.00269EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/12 4:39 p.m.5 views

Improper Verification of Cryptographic Signature

Overview io.netty:netty-handler is a library that provides an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which...

8.7CVSS5.3AI score0.00269EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 4:16 p.m.7 views

UBUNTU-CVE-2026-50010

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...

7.5CVSS5.3AI score0.00269EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2012/11/04 12:0 a.m.5 views

PT-2012-6122 · Jpmorgan Chase · Chase Mobile Banking Application

Name of the Vulnerable Software and Affected Versions: Chase mobile banking application for Android affected versions not specified Description: The issue concerns a failure to verify the server hostname against the domain name in the X.509 certificate's Common Name CN or subjectAltName field. Th...

5.9CVSS5.4AI score0.00431EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2003/12/31 12:0 a.m.7 views

PT-2003-2174 · Oracle · Sdk +4

Name of the Vulnerable Software and Affected Versions: Java Secure Socket Extension JSSE in SDK and JRE versions 1.4.0 through 1.4.0 01 JSSE versions prior to 1.0.3 Java Plug-in SDK and JRE versions 1.3.0 through 1.4.1 Java Web Start versions 1.0 through 1.2 Description: The X509TrustManager in t...

7.5CVSS6.7AI score0.04627EPSS
Exploits0References14
Rows per page
Query Builder