Description
The Undertow client does not check the server identity presented by the server certificate in HTTPS connections. This is a compulsory step (at least it should be performed by default) in HTTPS and in HTTP/2. I would add it to any TLS client protocol.
Remediation
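The following is an added example, not Undertow's code or its fix. It shows how a JSSE client turns on the server identity check the description refers to, using the standard `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")` call. The class name, method names and host are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class HostnameVerificationExample {

    // Client engine as JSSE hands it out: the certificate chain is validated
    // against the trust store, but the names in the certificate are not
    // compared with the host being contacted.
    static SSLEngine chainOnlyEngine(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        return engine;
    }

    // Same engine with HTTPS (RFC 2818) endpoint identification switched on.
    // The handshake now fails when the certificate's names do not match `host`,
    // even if the chain itself is trusted.
    static SSLEngine identityCheckedEngine(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String host = "service.example.test"; // constructed placeholder host
        SSLEngine weak = chainOnlyEngine(ctx, host, 443);
        SSLEngine strict = identityCheckedEngine(ctx, host, 443);
        // A null algorithm means no endpoint identification is performed.
        System.out.println("chain only:       "
                + weak.getSSLParameters().getEndpointIdentificationAlgorithm());
        System.out.println("identity checked: "
                + strict.getSSLParameters().getEndpointIdentificationAlgorithm());
    }
}
```

The peer host passed to `createSSLEngine` is the name the certificate is checked against, so it must be the host the client intended to reach, not a value taken from the server's response.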
References