Java Secure Socket Extension Certificate Validation Vulnerability

info
discussion
exploit
solution
references

Java Secure Socket Extension Certificate Validation Vulnerability

Java Secure Socket Extension (JSSE) is prone to a security vulnerability. JSSE may incorrectly validate certificates provided by a website. This would permit an untrusted Web site to appear as trusted with regards to SSL.

It should be noted that the JSSE included in the Java JRE/SDK 1.4.x is not affected by this issue.