CVE-2017-1000209
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000209
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000209.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-1000209
- Aliases
- Published
- 2017-11-17T02:29:01Z
- Modified
- 2024-05-14T05:46:45.344068Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate.
- References
Affected packages
Git / github.com/takahikokawasaki/nv-websocket-client
Affected ranges
- Type
- GIT
- Repo
- https://github.com/takahikokawasaki/nv-websocket-client
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
nv-websocket-client-1.*
nv-websocket-client-1.0
nv-websocket-client-1.1
nv-websocket-client-1.10
nv-websocket-client-1.11
nv-websocket-client-1.12
nv-websocket-client-1.13
nv-websocket-client-1.14
nv-websocket-client-1.15
nv-websocket-client-1.16
nv-websocket-client-1.17
nv-websocket-client-1.18
nv-websocket-client-1.19
nv-websocket-client-1.2
nv-websocket-client-1.20
nv-websocket-client-1.21
nv-websocket-client-1.22
nv-websocket-client-1.23
nv-websocket-client-1.24
nv-websocket-client-1.25
nv-websocket-client-1.26
nv-websocket-client-1.27
nv-websocket-client-1.28
nv-websocket-client-1.29
nv-websocket-client-1.3
nv-websocket-client-1.30
nv-websocket-client-1.31
nv-websocket-client-1.4
nv-websocket-client-1.5
nv-websocket-client-1.6
nv-websocket-client-1.7
nv-websocket-client-1.8
nv-websocket-client-1.9
nv-websocket-client-2.*
nv-websocket-client-2.0
nv-websocket-client-2.1
nv-websocket-client-2.2