
CWE-297 (Improper Validation of Certificate with Host Mismatch) — Vulnerability Class 36

36 vulnerabilities classified as CWE-297 (Improper Validation of Certificate with Host Mismatch). AI Chinese analysis included.

CWE-297 represents a critical validation weakness where software fails to verify that an SSL/TLS certificate’s identity matches the intended host. This flaw allows attackers to exploit the trust relationship by presenting a valid, properly signed certificate issued for a different domain. Consequently, malicious actors can perform man-in-the-middle attacks, intercepting sensitive data or injecting malicious content without triggering security warnings. Developers prevent this vulnerability by implementing strict hostname verification during the TLS handshake. This process involves comparing the server’s hostname against the Common Name or Subject Alternative Name fields in the certificate. By ensuring the certificate explicitly authorizes the specific host being contacted, applications maintain data integrity and confidentiality, effectively neutralizing impersonation attempts even when the certificate chain itself is technically valid.

MITRE CWE Description
The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host. Even if a certificate is well-formed, signed, and follows the chain of trust, it may simply be a valid certificate for a different site than the site that the product is interacting with. In order to ensure data integrity, the certificate must be valid, and it must pertain to the site that is being accessed. Even if the product attempts to check the hostname, it is still possible to incorrectly check the hostname. For example, attackers could create a certificate with a name that begins with a trusted name followed by a NUL byte, which could cause some string-based comparisons to only examine the portion that contains the trusted name.
Common Consequences (3)
Scope: Access Control. Impact: Gain Privileges or Assume Identity.
The data read from the system vouched for by the certificate may not be from the expected system.
Scope: Authentication, Other. Impact: Other.
Trust afforded to the system in question - based on the malicious certificate - may allow for spoofing or redirection attacks.
Scope: Access Control, Other. Impact: Gain Privileges or Assume Identity, Other.
If the certificate's host-specific data is not properly checked - such as the Common Name (CN) in the Subject or the Subject Alternative Name (SAN) extension of an X.509 certificate - it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provid…
Mitigations (2)
Phase: Architecture and Design. Fully check the hostname of the certificate and provide the user with adequate information about the nature of the problem and how to proceed.
Phase: Implementation. If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Examples (1)
The following OpenSSL code obtains a certificate and verifies it.

```c
cert = SSL_get_peer_certificate(ssl);
if (cert && (SSL_get_verify_result(ssl) == X509_V_OK)) {
    // The chain is valid, but nothing here checks that the certificate
    // names the host that was actually contacted.
    // do secret things
}
```

Bad · C
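The check the example above leaves out, as an added illustration that is not code from this page or from OpenSSL: a length-aware matcher for the certificate's dNSName and CN values that rejects the embedded-NUL trick described in the MITRE text and applies the RFC 6125 wildcard rules, plus the SAN-before-CN lookup order. With OpenSSL 1.1.0 or later the same effect is obtained in real code by calling SSL_set1_host() before the handshake, after which SSL_get_verify_result() also reports a hostname mismatch; the functions below are written to be read and tested stand-alone.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive equality of two byte ranges; DNS names compare case-insensitively. */
static bool ieq(const char *a, size_t alen, const char *b, size_t blen) {
    if (alen != blen) return false;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return false;
    return true;
}

/* Does one certificate name (passed with its ASN.1 length, not as a C string)
 * authorise `host`?  Two rules the MITRE text calls out are enforced here:
 *  - an embedded NUL is rejected outright, because strcmp()-style code stops at it
 *    and would accept "www.example.com\0.evil.com" as www.example.com;
 *  - "*" is accepted only as the whole left-most label, only when at least two
 *    labels follow it, and it matches exactly one host label (RFC 6125 s.6.4.3). */
bool cert_name_matches_host(const char *name, size_t name_len, const char *host) {
    size_t host_len = strlen(host);
    if (name_len == 0 || memchr(name, '\0', name_len) != NULL) return false;
    if (name[0] == '*') {
        if (name_len < 2 || name[1] != '.') return false;        /* "*" or "*foo.com" */
        const char *rest = name + 2;                               /* e.g. "example.com" */
        size_t rest_len = name_len - 2;
        if (memchr(rest, '.', rest_len) == NULL) return false;     /* "*.com" is too broad */
        const char *hdot = memchr(host, '.', host_len);
        if (hdot == NULL || hdot == host) return false;            /* host needs a first label */
        return ieq(rest, rest_len, hdot + 1, host_len - (size_t)(hdot + 1 - host));
    }
    return ieq(name, name_len, host, host_len);                    /* plain name: exact match */
}

/* Check `host` against the SAN dNSName entries first and fall back to the
 * Subject CN only when the certificate carries no dNSName at all. */
bool host_matches_cert(const char *san[], const size_t san_len[], size_t nsan,
                       const char *cn, size_t cn_len, const char *host) {
    if (nsan > 0) {
        for (size_t i = 0; i < nsan; i++)
            if (cert_name_matches_host(san[i], san_len[i], host)) return true;
        return false;                  /* SAN present but no match: the CN is ignored */
    }
    return cn != NULL && cert_name_matches_host(cn, cn_len, host);
}
```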
CVSS and Severity values marked (AI) were tagged AI on the original listing.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-43869 | Apache Thrift: TSSLTransportFactory.java hostname verification — Apache Thrift | 7.5 | - | 2026-05-05 |
| CVE-2026-41603 | Apache Thrift: Java TSSLTransportFactory hostname verification — Apache Thrift | 7.5 (AI) | High (AI) | 2026-04-28 |
| CVE-2026-34477 | Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass — Apache Log4j Core | 8.2 (AI) | High (AI) | 2026-04-10 |
| CVE-2025-59060 | Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient — Apache Ranger | 5.3 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2026-26214 | Xiaomi Galaxy FDS Android SDK <= 3.0.8 TLS Hostname Verification Disabled Enables MITM — Galaxy FDS Android SDK | 7.4 | High | 2026-02-12 |
| CVE-2025-68637 | Apache Uniffle: Insecure SSL Configuration in Uniffle HTTP Client — Apache Uniffle | 5.9 | - | 2026-01-07 |
| CVE-2025-68161 | Apache Log4j Core: Missing TLS hostname verification in Socket appender — Apache Log4j Core | 7.4 (AI) | High (AI) | 2025-12-18 |
| CVE-2025-25253 | Fortinet FortiOS and Fortinet FortiProxy security vulnerability — FortiProxy | 6.8 | High | 2025-10-14 |
| CVE-2024-12925 | Host Header Injection in Akinsoft's QR Menu — QR Menü | 7.3 | High | 2025-09-01 |
| CVE-2025-4295 | Host Header Injection in HotelRunner's B2B — B2B | 4.6 | Medium | 2025-07-22 |
| CVE-2024-54019 | Fortinet FortiClientWindows security vulnerability — FortiClientWindows | 4.4 | Medium | 2025-06-10 |
| CVE-2025-3501 | Org.keycloak.protocol.services: keycloak hostname verification | 8.2 | High | 2025-04-29 |
| CVE-2025-42921 | JetBrains Toolbox App security vulnerability — Toolbox App | 4.2 | Medium | 2025-04-17 |
| CVE-2025-2190 | TECNO com.transsnet.store security vulnerability — com.transsnet.store | 8.1 | - | 2025-03-11 |
| CVE-2024-49782 | IBM OpenPages improper certificate validation — OpenPages with Watson | 6.8 | Medium | 2025-02-20 |
| CVE-2024-38324 | IBM Storage Defender improper certificate validation — Storage Defender - Resiliency Service | 5.9 | Medium | 2024-09-24 |
| CVE-2024-7346 | Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation — OpenEdge | 7.2 | High | 2024-09-03 |
| CVE-2024-8285 | Kroxylicious: missing upstream kafka tls hostname verification | 5.9 | Medium | 2024-08-30 |
| CVE-2024-2462 | Hitachi FOXMAN-UN security vulnerability — FOXMAN-UN | 9.1 (AI) | Critical (AI) | 2024-06-11 |
| CVE-2023-5909 | Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx — KEPServerEX | 7.5 | High | 2023-11-30 |
| CVE-2022-22305 | Multiple Fortinet products trust management issue vulnerability — FortiAnalyzer | 5.4 | Medium | 2023-09-01 |
| CVE-2023-34143 | Improper Validation of Certificate Vulnerability in Hitachi Device Manager — Hitachi Device Manager | 5.6 | Medium | 2023-07-18 |
| CVE-2023-24568 | Dell NetWorker trust management issue vulnerability — NetWorker | 5.0 | Medium | 2023-05-30 |
| CVE-2022-48308 | Palantir trust management issue vulnerability — sls-logging | 6.3 | Medium | 2023-02-16 |
| CVE-2022-48307 | Palantir trust management issue vulnerability — Foundry Magritte | 6.3 | Medium | 2023-02-16 |
| CVE-2022-48306 | Gotham Chat IRC help does not validate hostnames in TLS certificates — Palantir Gotham Chat IRC helper | 5.7 | Medium | 2023-02-16 |
| CVE-2022-27890 | Palantir trust management issue vulnerability — AtlasDB | 6.3 | Medium | 2023-02-16 |
| CVE-2022-32153 | Splunk Enterprise lacked TLS host name validation — Splunk Enterprise | 8.1 | High | 2022-06-15 |
| CVE-2022-29082 | DELL EMC NetWorker trust management issue vulnerability — NetWorker | 3.7 | Low | 2022-05-26 |
| CVE-2021-33695 | SAP ERP trust management issue vulnerability — SAP Cloud Connector | 9.1 | - | 2021-09-15 |

Vulnerabilities classified as CWE-297 (Improper Validation of Certificate with Host Mismatch) represent 36 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.