Vulnerabilites related to TooTallNate - Java-WebSocket
CVE-2020-11050 (GCVE-0-2020-11050)
Vulnerability from cvelistv5
Published
2020-05-07 20:15
Modified
2024-08-04 11:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-297 - Improper Validation of Certificate with Host Mismatch
Summary
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TooTallNate | Java-WebSocket |
Version: <= 1.4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java-WebSocket",
"vendor": "TooTallNate",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297: Improper Validation of Certificate with Host Mismatch",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-07T20:15:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339"
}
],
"source": {
"advisory": "GHSA-gw55-jm4h-x339",
"discovery": "UNKNOWN"
},
"title": "Improper Validation of Certificate with Host Mismatch in Java-WebSocket",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11050",
"STATE": "PUBLIC",
"TITLE": "Improper Validation of Certificate with Host Mismatch in Java-WebSocket"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java-WebSocket",
"version": {
"version_data": [
{
"version_value": "\u003c= 1.4.1"
}
]
}
}
]
},
"vendor_name": "TooTallNate"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-297: Improper Validation of Certificate with Host Mismatch"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339",
"refsource": "CONFIRM",
"url": "https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339"
}
]
},
"source": {
"advisory": "GHSA-gw55-jm4h-x339",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11050",
"datePublished": "2020-05-07T20:15:12",
"dateReserved": "2020-03-30T00:00:00",
"dateUpdated": "2024-08-04T11:21:14.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}