The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for HTTPS-based downloads. This allows an attacker to intercept autoupdate downloads and modify them, potentially injecting malicious code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.
References
Link | Resource |
---|---|
https://lists.apache.org/thread.html/r354d7654efa1050539fe56a3257696d1faeea4f3f9b633c29ec89609%40%3Cdev.netbeans.apache.org%3E | Mailing List, Mitigation, Vendor Advisory |
https://www.oracle.com/security-alerts/cpujul2020.html | Patch, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2020-03-30T18:39:41
Updated: 2020-07-15T02:23:03
Reserved: 2019-10-14T00:00:00
Link: CVE-2019-17560
NVD Information
Status: Analyzed
Published: 2020-03-30T19:15:15.733
Modified: 2023-01-27T18:31:49.983
Link: CVE-2019-17560
Redhat Information
No data.
CWE