PT-2023-14569 · Undertow · Undertow

Sandipan Roy · Published 2023-02-23 · Updated 2025-03-12 · CVE-2022-4492

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Undertow (affected versions not specified)

Description: The Undertow client does not check the server identity presented by the server certificate in HTTPS connections, a compulsory step that should be performed by default in HTTPS and HTTP/2. This issue affects the TLS client protocol.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF


Weakness Enumeration

Related identifiers

CVE-2022-4492
GHSA-PFCC-3G6R-8RG8
RHSA-2023:1512
RHSA-2023:1513
RHSA-2023:1514
RHSA-2023:2705
RHSA-2023:2706
RHSA-2023:2707
RHSA-2025:9582
RHSA-2025:9583

Affected products

Undertow