Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:7124
HistoryJul 23, 2018 - 5:27 a.m.

Insecure Defaults

2018-07-2305:27:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11

EPSS

0.017

Percentile

87.8%

tomcat-websocket is vulnerable to missing hostname verification. The application does not verify the hostname with a client when establishing a TLS connection through the websocket, allowing a malicious user to impersonate a different host machine.