The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NRed Hat Build Of Quarkus
APPRedhatwszystkie wersjeRed Hat Integration Camel For Spring Boot
APPRedhatwszystkie wersjeRed Hat Integration Camel K
APPRedhatwszystkie wersjeRed Hat Integration Service Registry
APPRedhatwszystkie wersjeRed Hat Jboss Enterprise Application Platform
APPRedhat7.0.0Red Hat Jboss Fuse
APPRedhat7.0.0Red Hat Migration Toolkit For Applications
APPRedhat6.0Red Hat Migration Toolkit For Runtimes
APPRedhatwszystkie wersjeRed Hat Single Sign On
APPRedhat7.0Red Hat Undertow
APPRedhat2.7.0
Related vulnerabilities
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...
Brak walidacji nagłówka Host w serwerze Undertow HTTP
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerabili...
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable t...
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the ...