7 matches found
CVE-2022-31183
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
jruby-openssl gem for JRuby fails to do proper certificate validation
A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...
GHSA-2CPX-6PQP-WF35 fs2-io skips mTLS client verification
Impact When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on Node.js. The JVM TLS implementation is completely...
[USN-2292-1] LWP::Protocol::https vulnerability
========================================================================== Ubuntu Security Notice USN-2292-1 July 17, 2014 liblwp-protocol-https-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Ubuntu 14.04 LTS : LWP::Protocol::https vulnerability (USN-2292-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2292-1 advisory. It was discovered that the LWP::Protocol::https perl module incorrectly disabled peer certificate verification completely when only hostname verification was...
jruby-openssl Gem for JRuby fails to do proper certificate validation
A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...
GnuTLS insufficient cert verification
libcurl when built to use GnuTLS fails to verify that a peer's certificate has not already expired or has not yet become valid. This allows malicious servers to present certificates to libcurl that were not rejected properly. Notably, the CA certificate and common name checks are still in place...