A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NRed Hat Jboss Data Grid
APPRedhat7.0.0Red Hat Jboss Enterprise Application Platform
APPRedhat7.0.0Red Hat Jboss Fuse
APPRedhat7.0.0Red Hat Openshift Application Runtimes
APPRedhatwszystkie wersjeRed Hat Single Sign On
APPRedhat7.0Red Hat Wildfly
APPRedhat7.2.07.2.37.2.5
Powiązane podatności
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...
Brak walidacji nagłówka Host w serwerze Undertow HTTP
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerabili...
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would perm...
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpr...