Description
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
Remediation
References
Related Vulnerabilities
WordPress Plugin My Calendar Cross-Site Scripting (2.3.28)
WordPress Plugin Super Interactive Maps for WordPress SQL Injection (2.1)
WordPress Plugin WP Fastest Cache Unspecified Vulnerability (0.8.8.5)
OpenSSL Resource Management Errors Vulnerability (CVE-2012-0027)
WordPress Plugin Simple Admin Language Change Security Bypass (2.0.1)