Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
No PoCs from references.
- https://github.com/ARPSyndicate/cvemon
- https://github.com/muneebaashiq/MBProjects
- https://github.com/srchen1987/springcloud-distributed-transaction