A flaw was found in JBCS httpd version 2.4.37 SP3 when it uses a back-end worker SSL certificate for which the keystore file’s ID is ‘unknown’. Validation that the certificate’s CN matches the hostname stopped working, allowing connections to the back-end worker. The highest threat from this vulnerability is to data integrity.
[
{
"product": "JBCS httpd",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "JBCS httpd 2.4.37 SP5"
}
]
}
]