9 matches found
CVE-2026-44393
An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When sslcafile is configured, the driver enables certificate chain validation but does not pass the expect...
Apache Directory LDAP API 安全漏洞
The Apache Directory LDAP API is a LDAP protocol development framework created by the Apache Foundation in the United States. There were security vulnerabilities in the Apache Directory LDAP API between versions 2.0.0 and 2.1.7. These vulnerabilities stemmed from incomplete TLS server...
Improper SSL Hostname Verification
org.springframework.boot, spring-boot-elasticsearch is vulnerable to improper SSL hostname verification. The vulnerability is due to missing hostname verification in SSL bundle configuration, which allows an attacker to perform man-in-the-middle attacks by connecting to a malicious Elasticsearch...
MiracleLinux 7 : tomcat-7.0.76-9.el7 (AXSA:2019-4053:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4053:02 advisory. tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources CVE-2018-1304 tomcat: Late...
Apache Log4j 2.x < 2.25.3 Missing TLS Hostname Verification Vulnerability - Linux
Apache Log4j is prone to a missing TLS hostname verification vulnerability in the socket appender. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Linux Distros Unpatched Vulnerability : CVE-2018-17187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mo...
Linux Distros Unpatched Vulnerability : CVE-2018-8034
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0....
UBUNTU-CVE-2020-13614
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification...
The vulnerability of the Apache ActiveMQ messaging broker, related to the lack of TLS hostname verification, allows attackers to gain unauthorized access to protected data.
The vulnerability of the Apache ActiveMQ messaging broker is related to the absence of hostname verification for TLS. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected data...