Lucene search
K

5 matches found

OSV
OSV
added 2026/04/16 12:42 a.m.9 views

CLEANSTART-2026-CF62516 Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper s...

Multiple security vulnerabilities affect the kserve-modelmesh package. Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid...

9.8CVSS6.6AI score0.01177EPSS
Exploits4References35
OSV
OSV
added 2026/04/16 12:40 a.m.18 views

CLEANSTART-2026-EZ90321 Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper s...

Multiple security vulnerabilities affect the kserve-modelmesh package. Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid...

9.8CVSS7.3AI score0.01177EPSS
Exploits3References32
OSV
OSV
added 2026/03/10 8:52 a.m.3 views

BIT-ZOOKEEPER-2026-24281 Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

7.4CVSS5.8AI score0.00633EPSS
Exploits0References11
Snyk
Snyk
added 2026/03/07 9:30 a.m.2 views

Improper Validation of Certificate with Host Mismatch

Overview org.apache.zookeeper:zookeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the...

8.3CVSS5.8AI score0.00633EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.9 views

PT-2026-23852

Name of the Vulnerable Software and Affected Versions Apache ZooKeeper versions prior to 3.8.6 Apache ZooKeeper versions prior to 3.9.5 Description A flaw exists in the hostname verification process within Apache ZooKeeper’s ZKTrustManager. When IP Subject Alternative Name SAN validation fails, t...

9.8CVSS5.8AI score0.00633EPSS
Exploits0References312
Rows per page
Query Builder