Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
Low severity
GitHub Reviewed
Published
Jun 5, 2020
to the GitHub Advisory Database
•
Updated Jun 9, 2026
Description
Published by the National Vulnerability Database
Apr 27, 2020
Reviewed
Jun 4, 2020
Published to the GitHub Advisory Database
Jun 5, 2020
Last updated
Jun 9, 2026
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender prior to version 2.13.2. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.
References