TLS Protocol Enforcement Bypass in quarkus-core

TLS Protocol Enforcement Bypass in quarkus-core

CVE-2023-2974 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.

Learn more about our Web Application Penetration Testing UK.