Lucene search
+L

4 matches found

OSV
OSV
added 2026/04/10 6:31 p.m.4 views

GHSA-6HG6-V5C8-FPHQ Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration

The fix for CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property, but not when configured through the verifyHostName attribute of the element. Although the verifyHostName configuration attribute was introduced in Log4...

6.3CVSS5.8AI score0.00395EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/10 5:8 p.m.5 views

Improper Validation of Certificate with Host Mismatch

Overview org.apache.logging.log4j:log4j-core is a logging library for Java. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to the lack of TLS hostname verification in the SocketAppender component when configured through the...

6.8CVSS6.6AI score0.00395EPSS
Exploits0References2
OSV
OSV
added 2026/04/10 3:36 p.m.1 views

CVE-2026-34477 Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

6.3CVSS6.5AI score0.00395EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/05/18 9:54 a.m.8 views

okhttp: information disclosure via improperly used cryptographic function

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...

7.5CVSS7.4AI score0.00877EPSS
Exploits0References5
Rows per page
Query Builder