MEDIUM🇬🇧 English

CVE-2023-2974

CVSS 6.5v3.1pub. 2023-07-04upd. 2024-11-21

A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
  • Red Hat Build Of Quarkus

    APP
    Redhat
    < 2.13.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-4116CRITICAL9.8ten sam produkt

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable t...

CVE-2023-6394HIGH7.4ten sam produkt

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based perm...

CVE-2023-4853HIGH8.1ten sam produkt

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations cor...

CVE-2023-1108HIGH7.5ten sam produkt

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected han...

CVE-2022-4492HIGH7.5ten sam produkt

The undertow client is not checking the server identity presented by the server certificate in https connectio...