2 matches found
CVE-2018-17187
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...
CVE-2018-17187
CVE-2018-17187 affects the Apache Qpid Proton-J TLS wrapper. Versions 0.3–0.29.0 lacked hostname verification support, leaving clients that rely on the wrapper with only trusted-certificate verification and exposing them to MITM attacks. The mitigation is to upgrade Proton-J to 0.30.0+ and enable...