5 matches found
CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
Apache Thrift 安全漏洞
Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a security vulnerability, which was caused by improper validation of certificates when they did not match the hostnames...
CVE-2023-34143
Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux Device Manager Server, Device Manager Agent, Host Data Collector components allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02...
GHSA-GF2V-9HP6-44QG org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation
Apache Hive JDBC + HiveServer2 implements SSL for plain TCP and HTTP connections it supports both transport modes. While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name...
OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP addres...