On Wed, 13 Nov 2019 15:55:18 +0100 Laurent Bigonville
wrote:
> Hi,
>
> Except if I'm severly mistaken, it seems that jconsole does not
verify the
> domain name nor check whether the CA is trusted when connecting to a JVM
> that has SSL enabled for JMX.
>
> This can lead to MITM and stealing of
Package: openjdk-11-jdk
Version: 11.0.5+10-2
Severity: important
File: /usr/lib/jvm/java-11-openjdk-amd64/bin/jconsole
Tags: security
Hi,
Except if I'm severly mistaken, it seems that jconsole does not verify the
domain name nor check whether the CA is trusted when connecting to a JVM
that has SS
2 matches
Mail list logo