CVE-2018-14627 Vulnerability in maven package org.wildfly:wildfly-feature-pack

Description

The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections:

Remediation

References

https://access.redhat.com/errata/RHSA-2018:3527

https://access.redhat.com/errata/RHSA-2018:3528

https://access.redhat.com/errata/RHSA-2018:3529

https://access.redhat.com/errata/RHSA-2018:3595

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627

https://issues.jboss.org/browse/WFLY-9107

https://security.netapp.com/advisory/ntap-20181221-0002/

Related Vulnerabilities

CVE-2016-10583 Vulnerability in npm package closure-util

CVE-2017-16120 Vulnerability in npm package liyujing

CVE-2023-45818 Vulnerability in npm package tinymce

CVE-2021-37305 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base

CVE-2019-3875 Vulnerability in maven package org.keycloak:keycloak-server-spi-private

Severity

Medium

Classification

CWE-319 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N