PT-2023-14569 · Undertow · Undertow

Sandipan Roy · Published 2023-02-23 · Updated 2025-03-12 · CVE-2022-4492

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Undertow (affected versions not specified)

Description

The Undertow client does not check the server identity presented by the server certificate in HTTPS connections, which is a compulsory step that should be performed by default in HTTPS and HTTP/2. This issue affects the TLS client protocol.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF

Weakness Enumeration

Related Identifiers

CVE-2022-4492
GHSA-PFCC-3G6R-8RG8
RHSA-2023:1512
RHSA-2023:1513
RHSA-2023:1514
RHSA-2023:2705
RHSA-2023:2706
RHSA-2023:2707
RHSA-2025:9582
RHSA-2025:9583

Affected Products

Undertow