Description
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
Remediation
References
Related Vulnerabilities
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2019-19343)
Nginx CVE-2010-4180 Vulnerability (CVE-2010-4180)
Artifactory Incorrect Authorization Vulnerability (CVE-2021-45074)
WordPress Plugin Yoast SEO Cross-Site Scripting (20.2)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-2891)