Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification.
References
Link | Resource |
---|---|
https://www.couchbase.com/resources/security#SecurityAlerts | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-08T15:21:57
Updated: 2020-06-08T15:21:57
Reserved: 2020-02-17T00:00:00
Link: CVE-2020-9040
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-06-08T16:15:10.273
Modified: 2020-06-11T16:45:16.157
Link: CVE-2020-9040
JSON object: View
Redhat Information
No data.
CWE