HIGH🇬🇧 English

CVE-2021-34433

CVSS 7.5v3.1pub. 2021-08-20upd. 2024-11-21

In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Eclipse Californium

    APP
    Eclipse
    3.0.02.0.0 – 2.6.5 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-39368HIGH8.2ten sam produkt

Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud servi...

CVE-2022-2576HIGH7.5ten sam produkt

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS...

CVE-2020-27222HIGH7.5ten sam produkt

In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidental...

CVE-2026-2586CRITICAL9.1ten sam vendor

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Consol...

CVE-2026-2587CRITICAL9.6ten sam vendor

A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mech...

CVE-2021-34433 — HIGH 7.5 | CVEbaza.pl