ASA-2019-00254 – IBM Planning Analytics: OpenJDK did not ensure that the same endpoint identification algorithm was used during TLS session resumption

A vulnerability related to the Java SE Embedded JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. Java Secure Socket Extension (JSSE) implementation in OpenJDK did not ensure that the same endpoint identification algorithm was used during TLS session resumption as during initial session setup. An attacker could use this to expose sensitive information.