CVE-2018-14627 Vulnerability in maven package org.wildfly:wildfly-feature-pack

Description

The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections:

Remediation

References

https://access.redhat.com/errata/RHSA-2018:3527

https://access.redhat.com/errata/RHSA-2018:3528

https://access.redhat.com/errata/RHSA-2018:3529

https://access.redhat.com/errata/RHSA-2018:3595

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627

https://issues.jboss.org/browse/WFLY-9107

https://security.netapp.com/advisory/ntap-20181221-0002/

Related Vulnerabilities

CVE-2019-16542 Vulnerability in maven package org.jenkins-ci.plugins:anchore-container-scanner

CVE-2021-25948 Vulnerability in npm package expand-hash

CVE-2016-10606 Vulnerability in npm package grunt-webdriver-qunit

CVE-2020-26149 Vulnerability in npm package nats.ws

CVE-2017-13098 Vulnerability in maven package com.madgag.spongycastle:bctls-jdk15on

Severity

Medium

Classification

CWE-319 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N