HIGH✓ PATCH🇬🇧 English

CVE-2022-4492

CVSS 7.5v3.1pub. 2023-02-23upd. 2025-03-12

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Red Hat Build Of Quarkus

    APP
    Redhat
    wszystkie wersje
  • Red Hat Integration Camel For Spring Boot

    APP
    Redhat
    wszystkie wersje
  • Red Hat Integration Camel K

    APP
    Redhat
    wszystkie wersje
  • Red Hat Integration Service Registry

    APP
    Redhat
    wszystkie wersje
  • Red Hat Jboss Enterprise Application Platform

    APP
    Redhat
    7.0.0
  • Red Hat Jboss Fuse

    APP
    Redhat
    7.0.0
  • Red Hat Migration Toolkit For Applications

    APP
    Redhat
    6.0
  • Red Hat Migration Toolkit For Runtimes

    APP
    Redhat
    wszystkie wersje
  • Red Hat Single Sign On

    APP
    Redhat
    7.0
  • Red Hat Undertow

    APP
    Redhat
    2.7.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2017-12149CRITICAL9.8⚠ KEVten sam produkt

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...

CVE-2025-12543CRITICAL9.6PL ✓ten sam produkt

Brak walidacji nagłówka Host w serwerze Undertow HTTP

CVE-2022-4361CRITICAL10.0ten sam produkt

Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerabili...

CVE-2022-4116CRITICAL9.8ten sam produkt

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable t...

CVE-2019-14887CRITICAL9.1ten sam produkt

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the ...