Lucene search
Redhat.comRH:CVE-2024-34447HistoryMay 06, 2024 - 4:10 a.m.
CVE-2024-34447
2024-05-0604:10:06
redhat.com
access.redhat.com
68
information security
A flaw was found in Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to a use of incorrectly-resolved name or reference issue when resolving domain names over an SSL socket that was created without an explicit hostname, such as in the HttpsURLConnection() function. If endpoint identification is enabled, this flow allows an attacker to trigger hostname verification against a DNS-resolved address.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Related
nvd
nvd
CVE-2024-34447
2024-05-03 16:15:11
veracode
veracode
DNS Poisoning
2024-05-06 06:27:58
cvelist
cvelist
CVE-2024-34447
2024-05-03 00:00:00
cgr
cgr
CVE-2024-34447 vulnerabilities
2024-05-19 03:07:16
osv
osv
CGA-wvcg-3cjq-8wjm
2024-06-19 07:36:47
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
2024-05-03 18:30:37
debiancve
debiancve
CVE-2024-34447
2024-05-03 16:15:11
ibm
ibm
github
github
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
2024-05-03 18:30:37
cve
cve
CVE-2024-34447
2024-05-03 16:15:11
wolfi
wolfi
CVE-2024-34447 vulnerabilities
2024-07-03 03:08:38
vulnrichment
vulnrichment
CVE-2024-34447
2024-05-03 00:00:00
ubuntucve
ubuntucve
CVE-2024-34447
2024-05-03 00:00:00
nessus
nessus