Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-34433
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行实体认证的密钥交换
Source: NVD (National Vulnerability Database)
Vulnerability Title
Eclipse Californium 数据伪造问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Eclipse Californium是Eclipse基金会的一款基于Java的为物联网提供Coap后端支持的代码库。 Eclipse Californium 存在数据伪造问题漏洞,该漏洞源于客户端的该产品未验证来自服务端的基于 DTLS 握手信息的证书。以下产品及版本受到影响:Eclipse Californium 2.0.0 至 2.6.4 版本,Eclipse Californium 3.0.0-M1 至 3.0.0-M3 版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
The Eclipse FoundationEclipse Californium 2.0.0 ~ unspecified -
II. Public POCs for CVE-2021-34433
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-34433
Please Login to view more intelligence information
New Vulnerabilities
Product: Eclipse Californium
Vendor: The Eclipse Foundation
Same weakness: CWE-322
V. Comments for CVE-2021-34433

No comments yet

Leave a comment