CVE-2019-10091
N/A
N/A
Summary
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Apache Geode | Apache Tomcat 1.9.0 | affected |
Weaknesses
- Improper Certificate Validation
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.