Description
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server.
Remediation
References
https://github.com/zaproxy/zaproxy/issues/7165
http://www.openwall.com/lists/oss-security/2022/03/24/3
https://github.com/zaproxy/zaproxy/releases
https://www.openwall.com/lists/oss-security/2022/03/23/1
Related Vulnerabilities
CVE-2023-23630 Vulnerability in npm package eta
CVE-2021-23451 Vulnerability in npm package otp-generator
CVE-2019-18212 Vulnerability in maven package org.lsp4xml:lsp4xml-extensions
CVE-2019-12406 Vulnerability in maven package org.apache.cxf:cxf-core
CVE-2016-10750 Vulnerability in maven package com.hazelcast:hazelcast-client