CVE-2014-3607
Publication date 8 January 2018
Last updated 25 August 2025
Ubuntu priority
Cvss 3 Severity Score
Description
DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libvt-ldap-java | ||
| 14.04 LTS trusty | Not in release | |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
5.9 · Medium
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N