Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK’s Netty component due to missing hostname verification.
CPE | Name | Operator | Version |
---|---|---|---|
couchbase_server_java_sdk | ge | 1.7.1 | |
couchbase_server_java_sdk | lt | 2.7.1.1 |