[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2022-32531: Apache BookKeeper: Java Client Uses Connection to Host that Failed Ho
From: Enrico Olivelli <eolivelli () apache ! org>
Date: 2022-12-15 9:14:15
Message-ID: CACcefgfgnn7assSeTVLMaXDWuduiE=qxhFLx5NM_NtcKNVeYpA () mail ! gmail ! com
[Download RAW message or body]
Severity: Moderate
Description:
The Apache Bookkeeper Java Client (up to 4.14.5 and also 4.15.0) does
not close the connection to the
bookkeeper server when TLS hostname verification fails. This leaves
the bookkeeper client vulnerable to a man in the middle attack.
The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1.
Solution:
Upgrade to 4.14.6 or to 4.15.1
References:
https://bookkeeper.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-32531
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic