Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Won't Fix
-
1.4
-
None
-
None
-
None
-
All
Description
See.
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
Using JSSE you must manually validate server name you're connecting to matches one of the names provided by the certificate. So you can detect a man-in-the-middle type attack with a valid certificate for other site.
Attachments
Attachments
Issue Links
- is superceded by
-
AXIS-2905 Insecure certificate validation CVE-2014-3596
- Closed