Description
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1825714
https://security.netapp.com/advisory/ntap-20201223-0002/
Related Vulnerabilities
CVE-2019-20365 Vulnerability in maven package org.igniterealtime.openfire:xmppserver
CVE-2022-21164 Vulnerability in npm package node-lmdb
CVE-2018-16481 Vulnerability in npm package html-pages
CVE-2016-6346 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs
CVE-2016-4993 Vulnerability in maven package io.undertow:undertow-core