Skip to main content

Californium

3 CVEs product

Monthly

CVE-2022-39368 Maven HIGH PATCH This Week

Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Californium
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-2576 Maven HIGH POC PATCH This Week

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Californium
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-34433 HIGH This Week

In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Californium
NVD
CVSS 3.1
7.5
EPSS
0.3%
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Californium
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Californium
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Californium
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy