6 matches found
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
A flaw was found in Netty, a network application framework. This vulnerability allows a remote attacker to bypass hostname verification due to improper handling of user-supplied trust managers. When a client is configured with a plain X.509 Trust Manager X509TrustManager, it fails to perform...
EUVD-2026-36465
Netty: Wrapping plain trust manager silently disables hostname verification...
Improper Verification of Cryptographic Signature
Overview io.netty:netty-handler is a library that provides an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which...
UBUNTU-CVE-2026-50010
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...
PT-2012-6122 · Jpmorgan Chase · Chase Mobile Banking Application
Name of the Vulnerable Software and Affected Versions: Chase mobile banking application for Android affected versions not specified Description: The issue concerns a failure to verify the server hostname against the domain name in the X.509 certificate's Common Name CN or subjectAltName field. Th...
PT-2003-2174 · Oracle · Sdk +4
Name of the Vulnerable Software and Affected Versions: Java Secure Socket Extension JSSE in SDK and JRE versions 1.4.0 through 1.4.0 01 JSSE versions prior to 1.0.3 Java Plug-in SDK and JRE versions 1.3.0 through 1.4.1 Java Web Start versions 1.0 through 1.2 Description: The X509TrustManager in t...