Lucene search
Veracode Vulnerability DatabaseVERACODE:27503HistoryOct 02, 2020 - 1:27 a.m.
Insecure Encryption Standards
2020-10-0201:27:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
insecure
encryption
standards
tls v1.0
tls v1.1
tls v1.2
nifi
api
listenhttp
handlehttprequest
software
EPSS
0.002
Percentile
65.0%
nifi-socket-utils uses insecure encryption standards. The weakness arises as it continued to allow support of TLS v1.0 and v1.1, when the NiFi UI, API, as well as listening for connections established by processors like ListenHTTP, HandleHttpRequest were protected by mandating TLS v1.2.
References
github.com/apache/nifi/commit/441781cec50f77d9f1e65093f55bbd614b8c5ec6
github.com/apache/nifi/pull/4263
lists.apache.org/thread.html/r2d9c21f9ec35d66f2bb42f8abe876dabd786166b6284e9a33582c718@%3Ccommits.nifi.apache.org%3E
lists.apache.org/thread.html/re48582efe2ac973f8cff55c8b346825cb491c71935e15ab2d61ef3bf@%3Ccommits.nifi.apache.org%3E
nifi.apache.org/security#CVE-2020-9491
Related
cve
cve
CVE-2020-9491
2020-10-01 20:15:14
prion
prion
Design/Logic Flaw
2020-10-01 20:15:00
cvelist
cvelist
CVE-2020-9491
2020-10-01 19:57:34
osv
osv
Inadequate Encryption Strength in Apache NiFi
2022-01-06 20:41:06
CVE-2020-9491
2020-10-01 20:15:14
nvd
nvd
CVE-2020-9491
2020-10-01 20:15:14
github
github
Inadequate Encryption Strength in Apache NiFi
2022-01-06 20:41:06