Eclipse Jersey Race Condition Allows Bypass of SSL Trust Configurations

Vulnerability

A race condition vulnerability has been identified in Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9. This vulnerability can lead to the improper handling of critical SSL configurations, including mutual authentication, custom key and trust stores, and other security settings. Under normal circumstances, this issue may cause an SSLHandshakeException, but it could also result in unauthorized trust being granted to insecure servers, as demonstrated in the proof of concept.

Impact

Exploitation of this vulnerability can lead to incorrect trust decisions during SSL/TLS negotiations, allowing for unauthorized trust in insecure servers. This could potentially enable man-in-the-middle attacks or other forms of interception or manipulation of secure communications.

Remediation

Users can upgrade to Eclipse Jersey versions 2.46, 3.0.17, or 3.1.10, all of which include the necessary fix.
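As an added example (not from the advisory or the Jersey project), the following script scans constructed `mvn dependency:list` output for Jersey artifacts and classifies each version against the affected and fixed releases named above; the log format, the regex and the branch mapping are assumptions.

```python
import re
from typing import Optional

# Versions named in the advisory as affected, and the first fixed release per branch.
ADVISORY_AFFECTED = {"2.45", "3.0.16", "3.1.9"}
FIXED_BY_BRANCH = {"2": (2, 46), "3.0": (3, 0, 17), "3.1": (3, 1, 10)}

# Constructed sample of `mvn dependency:list` output (not a real build log).
SAMPLE_DEPENDENCY_LIST = """\
[INFO]    org.glassfish.jersey.core:jersey-client:jar:2.45:compile
[INFO]    org.glassfish.jersey.core:jersey-common:jar:3.1.10:compile
[INFO]    org.glassfish.jersey.inject:jersey-hk2:jar:3.0.16:runtime
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.17.0:compile
"""

# Assumed line shape: group:artifact:jar:version:scope for Jersey artifacts.
JERSEY_LINE = re.compile(r"(org\.glassfish\.jersey[\w.]*):([\w-]+):jar:([\d.]+):")

def parse_version(version: str) -> tuple:
    return tuple(int(p) for p in version.split("."))

def branch_of(parts: tuple) -> Optional[str]:
    # Jersey 2.x is one branch; 3.x is keyed by its minor number (3.0, 3.1).
    if parts[0] == 2:
        return "2"
    if parts[0] == 3 and len(parts) > 1:
        return f"3.{parts[1]}"
    return None

def classify(version: str) -> str:
    """'affected' (listed in the advisory), 'fixed' (at or above the fix),
    'below-fix' (older than the fix but not listed) or 'unknown-branch'."""
    if version in ADVISORY_AFFECTED:
        return "affected"
    parts = parse_version(version)
    fix = FIXED_BY_BRANCH.get(branch_of(parts) or "")
    if fix is None:
        return "unknown-branch"
    return "fixed" if parts >= fix else "below-fix"

def scan_dependency_list(text: str) -> dict:
    """Map each Jersey artifact (group:artifact:version) to its classification."""
    result = {}
    for match in JERSEY_LINE.finditer(text):
        group, artifact, version = match.groups()
        result[f"{group}:{artifact}:{version}"] = classify(version)
    return result

if __name__ == "__main__":
    for coord, status in scan_dependency_list(SAMPLE_DEPENDENCY_LIST).items():
        print(f"{status:15} {coord}")
```

Versions older than the fix but not listed in the advisory are reported separately so they can be checked against the vendor's release notes rather than assumed safe or affected.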

Added: Nov 18, 2025, 4:26 PM
Updated: Nov 18, 2025, 4:26 PM

Vulnerability Rating

Custom Algorithm

spread          1.0
impact          5.0
exploitability  6.4
remediation     7.7
relevance       1.0
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.