Description
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
Remediation
References
Related Vulnerabilities
WordPress Plugin PDF Viewer Cross-Site Scripting (0.1)
WordPress Plugin Custom Post View Generator Cross-Site Scripting (0.4.6)
MediaWiki Improper Authentication Vulnerability (CVE-2011-1766)
OpenSSL Other Vulnerability (CVE-2015-0208)
WordPress Plugin WP Custom Admin Login Page Logo Unspecified Vulnerability (1.4.1)