CVE-2014-3604

Name of the Vulnerable Software and Affected Versions Not Yet Commons SSL versions prior to 0.3.15

Description The issue arises from improper verification of the server hostname against the domain name in the subject's Common Name (CN) field of the X.509 certificate in the Certificates.java file. This allows man-in-the-middle attackers to spoof SSL servers using any valid certificate.

Recommendations For versions prior to 0.3.15, update to version 0.3.15 or later to resolve the issue. As a temporary workaround, consider implementing additional verification measures for server hostnames against the CN field of X.509 certificates to minimize the risk of exploitation.