Main Vulnerability Database Vulnerabilities #VU51838

Improper validation of certificate with host mismatch in Couchbase Server Java SDK - CVE-2020-9040

Published: April 1, 2021

Vulnerability identifier: #VU51838

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-9040

CWE-ID: CWE-297

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Couchbase Server Java SDK

Software vendor:
Couchbase

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper validation of hosname in SSL certificates. A remote attacker can supply cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification and perform MitM attack.

Remediation

Install updates from vendor's website.

External links

https://www.couchbase.com/resources/security#SecurityAlerts

Improper validation of certificate with host mismatch in Couchbase Server Java SDK - CVE-2020-9040

Description

Remediation

External links

Please verify you're human