Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2021-3642)

Description

A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. This flaw affectes Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final.

Remediation

References

Related Vulnerabilities

Magento Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') Vulnerability (CVE-2019-8126)

SharePoint CVE-2024-38018 Vulnerability (CVE-2024-38018)

MySQL CVE-2021-2208 Vulnerability (CVE-2021-2208)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2963)

Claroline Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3716)

Severity

Medium

Classification

CVE-2021-3642 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities