CWE-297 - Improper Validation of Certificate with Host Mismatch

Description

This weakness describes a case where software uses SSL/TLS connection but fails to properly verify that the certificate is associated withe the hostname.

Latest vulnerabilities for CWE-297

Multiple vulnerabilities in IBM Voice Gateway 2022-04-15
Medium Yes

Multiple vulnerabilities in IBM Monitor Component 2022-03-20
Medium Yes

Multiple vulnerabilities in Node.js 2022-01-12
Medium Yes

Information disclosure in Fortinet FortiOS 2021-11-16
Low Yes

MitM attack in Apache Fineract 2021-05-28
Medium Yes

Multiple vulnerabilities in Red Hat OpenShift Serverless 2021-05-22
High Yes

MitM-attack in urllib3 library 2021-03-22
Medium Yes

Multiple vulnerabilities in PJSIP 2021-03-11
Medium Yes

Multiple vulnerabilities in Red Hat OpenShift Serverless 2021-01-15
High Yes

Multiple vulnerabilities in Red Hat Quay 2021-01-12
High Yes

References

Description of CWE-297 on Mitre website