CVE-2019-11777
7.5HIGHIn the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow on
게시됨: 9/11/2019업데이트됨: 11/21/2024
설명
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.
AI 분석AI 기반
영향받는 제품
eclipsepaho_java_client
1.2.0
참조
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=549934Issue TrackingVendor Advisory
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=549934Issue TrackingVendor Advisory