Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache BookKeeper: Java Client Uses Connection to Host that Failed Hostname Verification
Vulnerability Description
The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
Apache BookKeeper 信任管理问题漏洞
Vulnerability Description
Apache BookKeeper是美国阿帕奇(Apache)基金会的一个针对实时工作负载优化的可扩展、容错和低延迟存储服务。 Apache Bookkeeper Java Client 4.14.6 之前版本和 4.15.0 之前版本存在信任管理问题漏洞,该漏洞源于当 TLS 主机名验证失败时,不会关闭与簿记服务器的连接, 这使得簿记员客户端容易受到中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A