Description

A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication.

Remediation

References

CVE-2021-20324

Related Vulnerabilities

WordPress Plugin Inline Call To Action Builder Lite-Free Call To Action Layer for WordPress includes Backdoor [Only if downloaded via the vendor website] (1.1.0)

WordPress Plugin Hustle-Pop-Ups, Slide-ins and Email Opt-ins CSV Injection (6.0.7)

Oracle Database Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)

Oracle Application Server CVE-2009-0974 Vulnerability (CVE-2009-0974)

WordPress Plugin Limit Login Attempts Security Bypass (1.7.0)

Severity

Medium

Classification

CVE-2021-20324 CWE-384 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities