6 matches found
CVE-2026-32627
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and setfollowlocationtrue, any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...
The vulnerability of the WebSocket client component of the Apache Tomcat application server arises from errors in checking host names when using the Transport Layer Security (TLS) protocol. This vulnerability allows attackers to circumvent existing security restrictions.
The vulnerability of the WebSocket client component of the Apache Tomcat application server is related to errors in checking host names when using the Transport Layer Security TLS protocol. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotel...
Scientific Linux Security Update : mariadb on SL7.x x86_64 (20160404)
Security Fixes : - It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a...
Important: Red Hat Security Advisory: wpa_supplicant security and enhancement update
An updated wpasupplicant package that fixes two security issues and adds one enhancement is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix
It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...
[SECURITY] [DSA 2798-1] curl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2798-1 [email protected] http://www.debian.org/security/ Michael Gilbert November 17, 2013 http://www.debian.org/security/faq -...