VDB
DEBIAN-CVE-2022-4492
DEBIAN-CVE-2022-4492
PUBLISHED
CVSS 7.5 HIGH
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | undertow | 0, 1.3.11-1, 1.3.16-1 |
Timeline
- Feb 23, 2023 CVE Published
- Apr 28, 2026 CVE Updated