HIGH🇵🇱 Wersja polska

CVE-2021-34433

CVSS 7.5v3.1pub. 2021-08-20upd. 2024-11-21

In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Eclipse Californium

    APP
    Eclipse
    3.0.02.0.0 – 2.6.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-39368HIGH8.2ten sam produkt

Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud servi...

CVE-2022-2576HIGH7.5ten sam produkt

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS...

CVE-2020-27222HIGH7.5ten sam produkt

In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidental...

CVE-2026-2586CRITICAL9.1ten sam vendor

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Consol...

CVE-2026-2587CRITICAL9.6ten sam vendor

A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mech...