The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Build_of_quarkus | Redhat | - (including) | - (including) |
Integration_camel_for_spring_boot | Redhat | - (including) | - (including) |
Integration_camel_k | Redhat | - (including) | - (including) |
Integration_service_registry | Redhat | - (including) | - (including) |
Jboss_enterprise_application_platform | Redhat | 7.0.0 (including) | 7.0.0 (including) |
Jboss_fuse | Redhat | 7.0.0 (including) | 7.0.0 (including) |
Migration_toolkit_for_applications | Redhat | 6.0 (including) | 6.0 (including) |
Migration_toolkit_for_runtimes | Redhat | - (including) | - (including) |
Single_sign-on | Redhat | 7.0 (including) | 7.0 (including) |
Undertow | Redhat | 2.7.0 (including) | 2.7.0 (including) |