CVE-2020-9040

Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:couchbase:couchbase_server_java_sdk:*:*:*:*:*:*:*:*

Information

Published : 2020-06-08 09:15

Updated : 2020-06-11 09:45


NVD link : CVE-2020-9040

Mitre link : CVE-2020-9040


JSON object : View

CWE
CWE-295

Improper Certificate Validation

Advertisement

dedicated server usa

Products Affected

couchbase

  • couchbase_server_java_sdk