3 matches found
cn.yanyvpingsheng:bililive-sdk (=0.1.0), com.cesanta:cloud-service-stubs (>=0.0.1 <=0.0.3) +26 more potentially affected by CVE-2017-1000209 via com.neovisionaries:nv-websocket-client (>=1.16 <=1.4)
com.neovisionaries:nv-websocket-client MAVEN version =1.16, =0.0.1, =0.0.1, =1.2, =1.2, =1.3.2, =1.9.1.10.0, =0.4.2, =1.5.1.9.2, =0.4.0, =2.6.0, =1.2.0, =1.0.0, =7.2.0 and more Source cves: CVE-2017-1000209 Source advisory: OSV:GHSA-4HXV-95RC-JQG7...
CVE-2017-1000209
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate...
CVE-2017-1000209
The CVE-2017-1000209 entry concerns the Java WebSocket client nv-websocket-client, which fails to verify that the server hostname matches the CN or subjectAltName in the server’s X.509 certificate. This allows potential MITM exploitation through arbitrary valid certificates. The connected records...