Description

The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections:

Remediation

References

https://access.redhat.com/errata/RHSA-2018:3527

https://access.redhat.com/errata/RHSA-2018:3528

https://access.redhat.com/errata/RHSA-2018:3529

https://access.redhat.com/errata/RHSA-2018:3595

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627

https://issues.jboss.org/browse/WFLY-9107

https://security.netapp.com/advisory/ntap-20181221-0002/

Related Vulnerabilities

CVE-2015-8855 Vulnerability in maven package org.webjars.npm:semver

CVE-2022-36919 Vulnerability in maven package org.jenkins-ci.plugins:coverity

CVE-2015-5262 Vulnerability in maven package org.apache.httpcomponents:httpclient

CVE-2019-10409 Vulnerability in maven package hudson.plugins:project-inheritance

CVE-2023-38507 Vulnerability in npm package @strapi/admin

Severity

Medium

Classification

CWE-319 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory Issue Tracking Patch