漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections
Vulnerability Description
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request server_hostname parameters, then the later calls may succeed by reusing the existing connection when they should have been rejected due to the TLS SNI check. This vulnerability is fixed in 3.14.1.
CVSS Information
N/A
Vulnerability Type
对宿主不匹配的证书验证不恰当
Vulnerability Title
aio-libs aiohttp 加密问题漏洞
Vulnerability Description
aio-libs aiohttp是aio-libs的异步HTTP客户端/服务器框架。 aio-libs aiohttp 3.14.1之前版本存在加密问题漏洞,该漏洞源于TLS SNI检查可能被绕过,当现有连接被重用时,可能导致应用程序对不同server_hostname参数的请求通过重用已拒绝的连接而成功。
CVSS Information
N/A
Vulnerability Type
N/A