CVE-2019-11777

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.
References
Link Resource
https://bugs.eclipse.org/bugs/show_bug.cgi?id=549934 Issue Tracking Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:eclipse:paho_java_client:1.2.0:*:*:*:*:*:*:*

Information

Published : 2019-09-11 06:15

Updated : 2020-10-06 05:39


NVD link : CVE-2019-11777

Mitre link : CVE-2019-11777

Products Affected
No products.