Man-in-the-Middle (MitM)

Description

org.apache.pulsar:pulsar-client-original is vulnerable to man-in-the-middle (MitM) attacks. The library does not verify peer TLS certificates, even when `tlsAllowInsecureConnection` is disabled via configuration. A remote attacker who takes control of a machine between the client and the server can therefore carry out MitM attacks.


Affected Software


CPE Name Name Version
pulsar client java 2.10.0
pulsar client java 2.5.2
pulsar client java 2.8.3
pulsar client java 2.7.4
pulsar client java 2.9.2
pulsar client java 1.21.0-incubating
pulsar client java 2.8.0
pulsar client java 2.6.0
pulsar client java 2.9.0
