Security Vulnerability - Common Weakness Enumeration (CWE) CWE-295

Expected behavior

Is there a fix for

Common Weakness Enumeration (CWE) CWE-295 - Improper Certificate Validation The software does not validate, or incorrectly validates, a certificate.

Steps to reproduce

Minimal yet complete reproducer code (or URL to code)

4.1.44

JVM version (e.g. java -version)

OS version (e.g. uname -a)

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 9 (7 by maintainers)

Top GitHub Comments

1 reaction
slandelle commented, Jan 8, 2020

This refers to https://github.com/netty/netty/issues/8537.

In Java, hostname verification is not enabled by default; you have to set the protocol to “HTTPS” in the SSLParameters of the SSLEngine. See https://github.com/netty/netty/issues/8537 and https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html#setEndpointIdentificationAlgorithm-java.lang.String-
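
The setting described in the comment above, shown on a plain JDK `SSLEngine` as an added example (not code from the issue or from Netty). The class name, the helper name and the host `example.com` are assumptions; in Netty the same engine object is available from `SslHandler.engine()`.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Added example: class and method names are hypothetical.
public class HostnameVerificationExample {

    // Enables hostname checking on a client-mode engine by setting the
    // endpoint identification algorithm to "HTTPS".
    static SSLEngine enableHostnameVerification(SSLEngine engine) {
        if (engine.getPeerHost() == null) {
            // The certificate is compared against the peer host the engine
            // was created with; without one there is nothing to compare.
            throw new IllegalStateException("engine was created without a peer host");
        }
        // getSSLParameters() returns a copy, so the modified parameters
        // must be written back with setSSLParameters().
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        // Constructed sample peer: pass the host name the client intends to
        // reach, not an address taken from a redirect or DNS answer.
        SSLEngine engine = ctx.createSSLEngine("example.com", 443);
        engine.setUseClientMode(true);

        // Value before the change: what the engine uses unless told otherwise.
        System.out.println("before: "
                + engine.getSSLParameters().getEndpointIdentificationAlgorithm());

        enableHostnameVerification(engine);

        // Value after the change: read back from the engine to confirm that
        // the parameters were actually applied.
        System.out.println("after:  "
                + engine.getSSLParameters().getEndpointIdentificationAlgorithm());
    }
}
```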

0 reactions
vibin22 commented, Feb 25, 2020

@vibin22 like @slandelle said. I would argue this is not an issue with netty but with the configuration that the user applies.

Thanks for the response.
