6 matches found
Security Bulletin: A spoofing vulnerablity due to an exposure in Eclipse Paho used by IBM WebSphere Application Server Liberty affects TXSeries for Multiplatforms
Summary TXSeries for Multiplatforms has addressed the following identity spoofing vulnerability in Eclipse Paho reported by IBM® WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: Eclipse Paho Java client could allow a remote attacker to bypass security...
CVE-2019-11777
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information...
Information disclosure
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information...
Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by...
CVE-2018-10936
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by...
PT-2018-10194 · Postgresql +2 · Postgresql-Jdbc +2
Name of the Vulnerable Software and Affected Versions: postgresql-jdbc versions prior to 42.2.5 Description: A weakness was found that could allow a man-in-the-middle attacker to masquerade as a trusted server. This occurs when an SSL Factory is provided without a host name verifier, allowing an...