The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Maven | Apache | 3.0.4 (including) | 3.0.4 (including) |