Veracode Vulnerability Database: VERACODE:46754
History: May 06, 2024 - 6:27 a.m.

DNS Poisoning

2024-05-06 06:27:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: ssl/tls, hostname verification, bouncy castle, java, cryptography, dns poisoning

AI Score: 6.7
Confidence: High
EPSS: 0
Percentile: 15.5%

Bouncy Castle Java Cryptography APIs are vulnerable to improper SSL/TLS hostname verification. When no explicit hostname is provided, hostname verification may be performed against a DNS-resolved IP address, which exposes the connection to DNS poisoning.

Affected configurations

Vendor | Product | Range
veracode | bouncy_castle_jsse_provider_and_tls\/dtls_api | 1.77 to 1.77
OR
veracode | bouncy_castle_provider | 1.77 to 1.77

Vendor | Product | Version | CPE
veracode | bouncy_castle_jsse_provider_and_tls\/dtls_api | * | cpe:2.3:a:veracode:bouncy_castle_jsse_provider_and_tls\/dtls_api:*:*:*:*:*:*:*:*
veracode | bouncy_castle_provider | * | cpe:2.3:a:veracode:bouncy_castle_provider:*:*:*:*:*:*:*:*