Wildfly Core Red Hat Wildfly Core

Do you want an email whenever new security vulnerabilities are reported in Red Hat Wildfly Core?

By the Year

In 2022 there have been 2 vulnerabilities in Red Hat Wildfly Core with an average score of 7.7 out of ten. Wildfly Core did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2022 as compared to last year.

Year Vulnerabilities Average Score
2022 2 7.65
2021 0 0.00
2020 0 0.00
2019 1 4.90
2018 1 5.50

It may take a day or so for new Wildfly Core vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Wildfly Core Security Vulnerabilities

A flaw was found in Wildfly

CVE-2021-3717 7.8 - High - May 24, 2022

A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.

Files or Directories Accessible to External Parties

A flaw was found in Undertow

CVE-2021-3629 7.5 - High - May 24, 2022

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.

Resource Exhaustion

A flaw was found in wildfly-core before 7.2.5.GA

CVE-2019-14838 4.9 - Medium - October 14, 2019

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

authentification

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives

CVE-2018-10862 5.5 - Medium - July 27, 2018

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

Directory traversal

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Wildfly Core or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe