CVE-2022-4492

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
Configurations

Configuration 1

No configuration.

Information

Published : 2023-02-23 08:15

Updated : 2023-02-23 10:58


NVD link : CVE-2022-4492

Mitre link : CVE-2022-4492

Products Affected
CWE
No CWE.