2 matches found
CVE-2022-32531 Apache BookKeeper: Java Client Uses Connection to Host that Failed Hostname Verification
The Apache Bookkeeper Java Client before 4.14.6 and also 4.15.0 does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 a...
GHSA-63QC-P2X4-9FGF Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information...