Security Vulnerability - Common Weakness Enumeration (CWE) CWE-295
Expected behavior
Is there a fix for
Common Weakness Enumeration (CWE) CWE-295 - Improper Certificate Validation: The software does not validate, or incorrectly validates, a certificate.
Steps to reproduce
Minimal yet complete reproducer code (or URL to code)
4.1.44
JVM version (e.g. java -version)
OS version (e.g. uname -a)
Issue Analytics
- State:
- Created 4 years ago
- Comments:9 (7 by maintainers)
Top GitHub Comments
This refers to https://github.com/netty/netty/issues/8537.
In Java, hostname verification is not enabled by default; you have to set the protocol to “HTTPS” in the SSLParameters of the SSLEngine. See https://github.com/netty/netty/issues/8537 and https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html#setEndpointIdentificationAlgorithm-java.lang.String-
Thanks for the response.
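The setting described in the comment above, shown as an added example that is not part of the original thread or of Netty's code: it uses only the JDK `SSLEngine` API, and the class name, helper names and the `example.com` peer are assumptions made for illustration. It enables the "HTTPS" endpoint identification algorithm on a client engine and includes a guard that rejects any client engine on which the algorithm is unset.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class HostnameVerificationExample {

    // Hypothetical helper: builds a client engine that checks the peer
    // certificate against peerHost during the TLS handshake.
    static SSLEngine newVerifyingClientEngine(SSLContext ctx, String peerHost, int peerPort) {
        // The host passed here is the name the certificate is compared with,
        // so it must be the name the caller intended to reach.
        SSLEngine engine = ctx.createSSLEngine(peerHost, peerPort);
        engine.setUseClientMode(true);

        // getSSLParameters() returns a copy, so the change only takes effect
        // once the modified object is passed back with setSSLParameters().
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    // Hypothetical guard for code that receives an engine from elsewhere:
    // fail closed when no endpoint identification algorithm is configured.
    static void requireHostnameVerification(SSLEngine engine) {
        String alg = engine.getSSLParameters().getEndpointIdentificationAlgorithm();
        if (engine.getUseClientMode() && (alg == null || alg.isEmpty())) {
            throw new IllegalStateException(
                "client SSLEngine has no endpoint identification algorithm (CWE-295)");
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String host = "example.com"; // constructed sample peer, no connection is made
        int port = 443;

        // Engine left at its defaults: the chain is validated, the name is not.
        SSLEngine plain = ctx.createSSLEngine(host, port);
        plain.setUseClientMode(true);
        System.out.println("default algorithm:    "
            + plain.getSSLParameters().getEndpointIdentificationAlgorithm());

        SSLEngine verifying = newVerifyingClientEngine(ctx, host, port);
        System.out.println("configured algorithm: "
            + verifying.getSSLParameters().getEndpointIdentificationAlgorithm());
        requireHostnameVerification(verifying); // passes without throwing
    }
}
```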