CVE-2014-3604: Cryptographic Issues

October 24, 2014 (updated January 4, 2018)

Certificates.java in Not Yet Commons SSL does not properly verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

References

bugzilla.redhat.com/CVE-2014-3604

Detect and mitigate CVE-2014-3604 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →