Vulnerabilities > CVE-2019-11777 - Improper Handling of Exceptional Conditions vulnerability in Eclipse Paho Java Client 1.2.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

eclipse

CWE-755

NVD

Published: 2019-09-11

Updated: 2020-10-06

Summary

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.

Vulnerable Configurations

Part	Description	Count
Application	Eclipse Eclipse Paho Java Client 1.2.0	1

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=549934