CWE-297

Overview

CWE ID
297

CWE Name
Improper Validation of Certificate with Host Mismatch

CWE Abstraction
Variant

CWE structure
Simple

CWE Status
Incomplete

Description

The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.

Extended Description

Related CWEs

CWE ID	View ID	Nature	Ordinal
923	1000	ChildOf	Primary
295	1000	ChildOf

Related CVEs

CVE
CVE-2017-2912
CVE-2017-2911
CVE-2020-14387
CVE-2016-1280
CVE-2018-10936
CVE-2014-3603
CVE-2014-3522
CVE-2022-41243
CVE-2022-41244
CVE-2022-27890
CVE-2022-48306
CVE-2022-48307
CVE-2022-48308
CVE-2022-22305
CVE-2023-5909
CVE-2023-24568
CVE-2023-34143
CVE-2024-2462
CVE-2024-32868
CVE-2023-34143
CVE-2024-2462
CVE-2024-32868
CVE-2024-8285
CVE-2024-7346
CVE-2024-38324
CVE-2024-38324
CVE-2024-38324
CVE-2024-38324
CVE-2024-38324
CVE-2024-38324
CVE-2024-38324
CVE-2024-38324
CVE-2024-38324
CVE-2024-38324
CVE-2024-38324