Apache Thrift improperly validates certificates when the host does not match. A remote attacker can exploit this over the network to carry out a man-in-the-middle attack or to eavesdrop on traffic.
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
Developers using Apache Thrift are at high risk of a man-in-the-middle attack or eavesdropping and should upgrade to version 0.23.0 or later to mitigate the vulnerability.
Remediation Recommended
This vulnerability carries significant risk. Schedule patching in your next cycle.
What should I do?
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
Affected Products (1)
apache / thrift
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N