Description
The Undertow client is not checking the server identity presented by the server certificate in HTTPS connections. This is a compulsory step (at least it should be performed by default) in HTTPS and in HTTP/2. I would add it to any TLS client protocol.
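The missing check, shown as an added example with the standard JSSE API (this is not Undertow's code or its fix; the class name, method names and host name are hypothetical): an `SSLEngine` in client mode validates the certificate chain but only compares the certificate to the intended host once an endpoint identification algorithm is set.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class EndpointIdentificationExample {

    // Weak form: chain validation only. The certificate must chain to a trusted
    // root, but nothing ties it to the host name the client meant to reach.
    static SSLEngine clientEngineWithoutIdentityCheck(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        return engine;
    }

    // Hardened form: "HTTPS" makes the default trust manager compare the peer
    // host passed to createSSLEngine with the names in the server certificate
    // during the handshake, and fail the handshake on a mismatch.
    static SSLEngine clientEngineWithIdentityCheck(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    // Guard to run before an engine is handed to connection code: rejects any
    // client-mode engine that would skip the server identity check.
    static void requireIdentityCheck(SSLEngine engine) {
        String alg = engine.getSSLParameters().getEndpointIdentificationAlgorithm();
        if (engine.getUseClientMode() && (alg == null || alg.isEmpty())) {
            throw new IllegalStateException("TLS client engine for "
                    + engine.getPeerHost() + " has no endpoint identification algorithm");
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String host = "service.example.test"; // constructed host name, no connection is made
        requireIdentityCheck(clientEngineWithIdentityCheck(ctx, host, 443));
        System.out.println("hardened engine accepted");
        try {
            requireIdentityCheck(clientEngineWithoutIdentityCheck(ctx, host, 443));
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```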