WS-2020-0408

Good to know:

Date: June 22, 2020

An issue was found in all versions of io.netty:netty-all. Host verification in Netty is disabled by default. This can lead to a MITM attack in which an attacker can forge valid SSL/TLS certificates for a different hostname in order to intercept traffic that is not intended for them. This is an issue because the certificate is not matched against the host.
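A client-side mitigation, as an added example that is not part of the advisory or of Netty's own code: set the JDK endpoint identification algorithm on the engine behind each `SslHandler`, so the certificate name is checked against the intended host. The class name `VerifyingTlsInitializer` is hypothetical, and the default JDK trust store is assumed.

```java
import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;

/** Hypothetical client initializer; the name is an assumption, not from the advisory. */
public final class VerifyingTlsInitializer extends ChannelInitializer<SocketChannel> {
    private final SslContext sslCtx;
    private final String host; // hostname the client intends to reach
    private final int port;

    public VerifyingTlsInitializer(String host, int port) throws SSLException {
        // Default trust manager: validates the chain against the JDK trust store.
        this.sslCtx = SslContextBuilder.forClient().build();
        this.host = host;
        this.port = port;
    }

    @Override
    protected void initChannel(SocketChannel ch) {
        // Passing host and port gives the engine the peer name to verify.
        // newHandler(alloc) without them leaves the engine with no name to check.
        SslHandler tls = sslCtx.newHandler(ch.alloc(), host, port);
        enableHostnameVerification(tls.engine());
        ch.pipeline().addFirst("tls", tls);
    }

    /** Without this call the chain is validated but the certificate name is not. */
    static void enableHostnameVerification(SSLEngine engine) {
        SSLParameters params = engine.getSSLParameters();
        // "HTTPS" selects hostname matching against the certificate's
        // subjectAltName entries during the handshake.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
    }
}
```

With this in place, a handshake against a server presenting a trusted certificate issued for a different hostname fails with an `SSLHandshakeException` instead of completing.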

Language: Java

Severity Score

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

Top Fix

Upgrade Version

Upgrade to version:
Cassandra - 2.2.5
JetBrains.Rider.Frontend2 - 203.0.20201127.95230-eap09
JetBrains.Rider.Frontend2 - 203.0.20201211.142525
JetBrains.Rider.Frontend2 - 203.0.20200923.135724-eap01
MASES.KafkaBridge - no_fix
pepgenome - no_fix
logstash-binary - no_fix
pantools - 3.3.3
pantools - 2.0.0
MASES.KNetCLI - 2.0.0
fiji - 20250206
MASES.KafkaBridgeCLI - no_fix
cromwell - 0.29
cromwell - 0.32
sirius-csifingerid - 5.8.2
pyspark - 3.2.3
MASES.KNetConnect - 2.0.0
igv - 2.8.10
igv - 2.8.3
igv - no_fix
igvtools - no_fix
AppDynamics.Azure.SiteExtension.JavaAgent - 21.9.0
MASES.KNet - 2.0.0
org.jboss.fuse.modules:fuse-pax-transx-tm-narayana:no_fix
org.amqphub.jca:resource-adapter-thorntail-example:no_fix
io.netty:netty-handler:4.1.69.Final
org.jboss.eap:wildfly-client-all:no_fix
org.apache.activemq.examples.rest:javascript-chat:2.8.0
org.apache.activemq.examples.rest:javascript-chat:2.14.0
org.apache.activemq.examples.rest:javascript-chat:2.10.1
org.apache.activemq.examples.rest:javascript-chat:2.19.0
org.apache.activemq.examples.rest:javascript-chat:2.10.0
org.apache.activemq.examples.rest:javascript-chat:2.17.0
org.apache.activemq.examples.rest:javascript-chat:2.12.0
org.uberfire:showcase-distribution-wars:7.40.0.Final
org.apache.activemq.examples.rest:push:2.14.0
org.apache.activemq.examples.rest:push:2.8.0
org.apache.activemq.examples.rest:push:2.17.0
org.apache.activemq.examples.rest:push:2.10.1
org.apache.activemq.examples.rest:push:2.19.0
org.apache.activemq.examples.rest:push:2.12.0
org.apache.activemq.examples.rest:push:2.10.0
org.apache.activemq.examples.modules:artemis-tomcat-jndi-resources-sample:2.12.0
org.apache.activemq.examples.modules:artemis-tomcat-jndi-resources-sample:2.14.0
org.apache.activemq.examples.modules:artemis-tomcat-jndi-resources-sample:2.8.0
org.apache.activemq.examples.modules:artemis-tomcat-jndi-resources-sample:2.10.1
org.apache.activemq.examples.modules:artemis-tomcat-jndi-resources-sample:2.19.0
org.apache.activemq.examples.modules:artemis-tomcat-jndi-resources-sample:2.10.0
org.apache.activemq.examples.modules:artemis-tomcat-jndi-resources-sample:2.17.0
org.apache.activemq.examples.rest:dup-send:2.10.0
org.apache.activemq.examples.rest:dup-send:2.17.0
org.apache.activemq.examples.rest:dup-send:2.12.0
org.apache.activemq.examples.rest:dup-send:2.19.0
org.apache.activemq.examples.rest:dup-send:2.10.1
org.apache.activemq.examples.rest:dup-send:2.8.0
org.apache.activemq.examples.rest:dup-send:2.14.0
org.infinispan:infinispan-server-rest:7.0.0.Alpha1
org.infinispan:infinispan-server-rest:9.0.0.Alpha1
org.wildfly:wildfly-client-all:10.0.0.Final
org.wildfly:wildfly-client-all:10.0.0.CR5
org.apache.activemq:artemis-jms-client-all:2.8.0
org.apache.activemq:artemis-jms-client-all:2.10.1
org.apache.activemq:artemis-jms-client-all:2.10.0
org.apache.activemq:artemis-jms-client-all:2.6.4
org.apache.activemq:artemis-jms-client-all:2.17.0
org.apache.activemq:artemis-jms-client-all:2.12.0
org.apache.activemq:artemis-jms-client-all:2.14.0
org.teiid:vdb-base-builder:1.6.0
org.infinispan:infinispan-nearcache-client:9.0.0.Alpha1
org.apache.activemq.examples.rest:mixed-jms-rest:2.14.0
org.apache.activemq.examples.rest:mixed-jms-rest:2.17.0
org.apache.activemq.examples.rest:mixed-jms-rest:2.12.0
org.apache.activemq.examples.rest:mixed-jms-rest:2.19.0
org.apache.activemq.examples.rest:mixed-jms-rest:2.10.0
org.apache.activemq.examples.rest:mixed-jms-rest:2.8.0
org.apache.activemq.examples.rest:mixed-jms-rest:2.10.1
io.syndesis.meta:meta:1.3.5
org.jboss.narayana.osgi:narayana-osgi-jta:5.12.0.Final
org.jboss.narayana.osgi:narayana-osgi-jta:5.6.0.Final
io.netty:netty-all:4.1.69.Final

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE
