Description

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.

Remediation

References

CVE-2022-3143

Related Vulnerabilities

Oracle Database Server Other Vulnerability (CVE-2005-3443)

Apache HTTP Server Numeric Errors Vulnerability (CVE-2006-3747)

Werkzeug WSGI Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2022-29361)

WordPress Plugin WordPress Gallery-NextGEN Gallery Cross-Site Request Forgery (3.28)

WordPress Plugin WP TFeed includes Backdoor [Only if downloaded via the vendor website] (1.6.7)

Severity

High

Classification

CVE-2022-3143 CWE-203 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities