CVE-2020-25680 in JBoss Core Services httpdinfo

Summary

by MITRE • 01/07/2021

A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. The validation of the certificate whether CN and hostname are matching stopped working and allow connecting to the back-end work. The highest threat from this vulnerability is to data integrity.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Disclosure

01/07/2021

Moderation

accepted

Entry

VDB-167415

CPE

ready

CWE

CWE-295 (confirmed)

CVSS

5.0 (VulDB)

EPSS

0.00327

KEV

Activities

very low

Sector

Insurance, Government, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-25680
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-25680
CVE Details	https://www.cvedetails.com/cve/CVE-2020-25680/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!