Bouncy Castle Java Cryptography APIs are vulnerable to improper SSL/TLS hostname verification. When no explicit hostname is provided, hostname verification may be performed against a DNS-resolved IP address, which could expose connections to DNS poisoning.
| Vendor | Product | Version | CPE |
|---|---|---|---|
| veracode | bouncy_castle_jsse_provider_and_tls\/dtls_api | * | `cpe:2.3:a:veracode:bouncy_castle_jsse_provider_and_tls\/dtls_api:*:*:*:*:*:*:*:*` |
| veracode | bouncy_castle_provider | * | `cpe:2.3:a:veracode:bouncy_castle_provider:*:*:*:*:*:*:*:*` |