Couchbase Server Java SDK prior to 2.7.1.1 allows a potential malicious user to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
couchbase couchbase server java sdk |