WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP CVE-2022-4492 Vulnerability (CVE-2022-4492)

Description

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.

Remediation

References

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-5688)

Next.js Uncontrolled Recursion Vulnerability (CVE-2024-47831)

WordPress Plugin Testimonial Cross-Site Scripting (1.5.9)

Oracle Database Server CVE-2015-2595 Vulnerability (CVE-2015-2595)

MediaWiki Missing Authentication for Critical Function Vulnerability (CVE-2019-12468)

Severity

Critical

Classification

CVE-2022-4492 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities