An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.
CVSS
No CVSS.
References
Configurations
No configuration.
History
14 May 2024, 15:39
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
03 May 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-03 16:15
Updated : 2024-05-14 15:39
NVD link : CVE-2024-34447
Mitre link : CVE-2024-34447
CVE.ORG link : CVE-2024-34447
JSON object : View
Products Affected
No product.
CWE
No CWE.