The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2022-4492 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2153260 | Issue Tracking Vendor Advisory |
https://security.netapp.com/advisory/ntap-20230324-0002/ |
Configurations
Configuration 1 (hide)
|
History
24 Mar 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Mar 2023, 19:14
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
03 Mar 2023, 15:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:migration_toolkit_for_runtimes:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:undertow:2.7.0:*:*:*:*:*:*:* |
|
References | (MISC) https://access.redhat.com/security/cve/CVE-2022-4492 - Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2153260 - Issue Tracking, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | NVD-CWE-noinfo | |
First Time |
Redhat migration Toolkit For Runtimes
Redhat integration Camel For Spring Boot Redhat Redhat jboss Enterprise Application Platform Redhat jboss Fuse Redhat integration Camel K Redhat migration Toolkit For Applications Redhat integration Service Registry Redhat single Sign-on Redhat build Of Quarkus Redhat undertow |
23 Feb 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-23 20:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-4492
Mitre link : CVE-2022-4492
CVE.ORG link : CVE-2022-4492
JSON object : View
Products Affected
redhat
- jboss_fuse
- undertow
- integration_camel_for_spring_boot
- integration_camel_k
- single_sign-on
- integration_service_registry
- migration_toolkit_for_applications
- build_of_quarkus
- jboss_enterprise_application_platform
- migration_toolkit_for_runtimes
CWE