{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-3604", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1131803", "refsource" : "MISC", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1131803" }, { "name" : "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml", "refsource" : "MISC", "url" : "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml" }, { "name" : "http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev&revision=172", "refsource" : "CONFIRM", "url" : "http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev&revision=172" }, { "name" : "RHSA-2015:1888", "refsource" : "REDHAT", "url" : "http://rhn.redhat.com/errata/RHSA-2015-1888.html" }, { "name" : "notyetcommons-cve20143604-sec-bypass(97659)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97659" } ] } }