org.apache.bookkeeper:bookkeeper-server is vulnerable to man-in-the-middle(MitM) attack. The vulnerability is due to the connection not terminating when TLS hostname verification fails which allows an attacker to position themselves in between the user and the remote server.