Candidate: CVE-2014-3607
PublicDate: 2018-01-08 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3607
 http://shibboleth.net/community/advisories/secadv_20140919.txt
Description:
 DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly
 verify that the server hostname matches a domain name in the subject's
 Common Name (CN) field of the X.509 certificate, which allows
 man-in-the-middle attackers to spoof SSL servers via an arbitrary valid
 certificate.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763608
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N [5.9 MEDIUM]

Patches_libvt-ldap-java:
upstream_libvt-ldap-java: released (3.3.8-1)
precise_libvt-ldap-java: DNE
trusty_libvt-ldap-java: DNE
trusty/esm_libvt-ldap-java: DNE
vivid_libvt-ldap-java: not-affected (3.3.8-1)
devel_libvt-ldap-java: not-affected