Description
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| undertow | fixed | 2.3.8-1 | experimental | package |
| undertow | fixed | 2.3.8-2 | | package |
Notes
https://bugzilla.redhat.com/show_bug.cgi?id=2153260 has missing public details
Fixed by https://github.com/undertow-io/undertow/pull/1447
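The missing check described above, as an added example (not code from Undertow or from the pull request linked here): a JSSE `SSLEngine` in client mode validates the certificate chain but leaves the endpoint identification algorithm unset, so the host name is only compared against the certificate once the client sets it to `HTTPS`. The class name, helper names and the host `server.example` are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class EndpointIdentificationExample {

    // Client engine as JSSE hands it out: the trust manager validates the
    // certificate chain, but nothing compares the certificate to the host.
    static SSLEngine defaultEngine(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        return engine;
    }

    // Same engine with HTTPS-style (RFC 2818) host name checking switched on.
    // The peer host passed to createSSLEngine is the name that gets checked.
    static SSLEngine verifyingEngine(SSLContext ctx, String host, int port) {
        SSLEngine engine = defaultEngine(ctx, host, port);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    // Audit helper (hypothetical name): true only if the handshake of this
    // client engine will check the server identity against a known host.
    static boolean checksServerIdentity(SSLEngine engine) {
        String alg = engine.getSSLParameters().getEndpointIdentificationAlgorithm();
        return engine.getUseClientMode()
                && alg != null && !alg.isEmpty()
                && engine.getPeerHost() != null;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String host = "server.example"; // constructed name, no connection is made
        System.out.println("default engine checks identity:  "
                + checksServerIdentity(defaultEngine(ctx, host, 443)));
        System.out.println("hardened engine checks identity: "
                + checksServerIdentity(verifyingEngine(ctx, host, 443)));
    }
}
```

A helper like `checksServerIdentity` can be called in a unit test wherever client code builds its own `SSLEngine`, so a regression to the unset default is caught before release.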
Related vulnerabilities
Undertow client not checking server identity presented by server certificate in https connections