Search
Find a vulnerability
Search criteria
2 vulnerabilities found for JBoss/WildFly by [UNKNOWN]
CVE-2018-14627 (GCVE-0-2018-14627)
Vulnerability from nvd – Published: 2018-09-04 12:00 – Updated: 2024-08-05 09:29
VLAI
EPSS
VEX
Summary
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>
Severity
5.3 (Medium)
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:3528 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3527 | vendor-advisoryx_refsource_REDHAT |
| https://issues.jboss.org/browse/WFLY-9107 | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2018122… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:3595 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3529 | vendor-advisoryx_refsource_REDHAT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| [UNKNOWN] | JBoss/WildFly |
Affected:
14.0.0
|
Date Public
2017-07-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627"
},
{
"name": "RHSA-2018:3528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3528"
},
{
"name": "RHSA-2018:3527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3527"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.jboss.org/browse/WFLY-9107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181221-0002/"
},
{
"name": "RHSA-2018:3595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"name": "RHSA-2018:3529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JBoss/WildFly",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"datePublic": "2017-07-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: \u003ctransport-config confidentiality=\"required\" trust-in-target=\"supported\"/\u003e"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-22T10:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627"
},
{
"name": "RHSA-2018:3528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3528"
},
{
"name": "RHSA-2018:3527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3527"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.jboss.org/browse/WFLY-9107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20181221-0002/"
},
{
"name": "RHSA-2018:3595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"name": "RHSA-2018:3529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JBoss/WildFly",
"version": {
"version_data": [
{
"version_value": "14.0.0"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: \u003ctransport-config confidentiality=\"required\" trust-in-target=\"supported\"/\u003e"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627"
},
{
"name": "RHSA-2018:3528",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3528"
},
{
"name": "RHSA-2018:3527",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3527"
},
{
"name": "https://issues.jboss.org/browse/WFLY-9107",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/WFLY-9107"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181221-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181221-0002/"
},
{
"name": "RHSA-2018:3595",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"name": "RHSA-2018:3529",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-14627",
"datePublished": "2018-09-04T12:00:00.000Z",
"dateReserved": "2018-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:29:51.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14627 (GCVE-0-2018-14627)
Vulnerability from cvelistv5 – Published: 2018-09-04 12:00 – Updated: 2024-08-05 09:29
VLAI
EPSS
VEX
Summary
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>
Severity
5.3 (Medium)
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:3528 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3527 | vendor-advisoryx_refsource_REDHAT |
| https://issues.jboss.org/browse/WFLY-9107 | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2018122… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:3595 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3529 | vendor-advisoryx_refsource_REDHAT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| [UNKNOWN] | JBoss/WildFly |
Affected:
14.0.0
|
Date Public
2017-07-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627"
},
{
"name": "RHSA-2018:3528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3528"
},
{
"name": "RHSA-2018:3527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3527"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.jboss.org/browse/WFLY-9107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181221-0002/"
},
{
"name": "RHSA-2018:3595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"name": "RHSA-2018:3529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JBoss/WildFly",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"datePublic": "2017-07-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: \u003ctransport-config confidentiality=\"required\" trust-in-target=\"supported\"/\u003e"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-22T10:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627"
},
{
"name": "RHSA-2018:3528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3528"
},
{
"name": "RHSA-2018:3527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3527"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.jboss.org/browse/WFLY-9107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20181221-0002/"
},
{
"name": "RHSA-2018:3595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"name": "RHSA-2018:3529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JBoss/WildFly",
"version": {
"version_data": [
{
"version_value": "14.0.0"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: \u003ctransport-config confidentiality=\"required\" trust-in-target=\"supported\"/\u003e"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627"
},
{
"name": "RHSA-2018:3528",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3528"
},
{
"name": "RHSA-2018:3527",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3527"
},
{
"name": "https://issues.jboss.org/browse/WFLY-9107",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/WFLY-9107"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181221-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181221-0002/"
},
{
"name": "RHSA-2018:3595",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"name": "RHSA-2018:3529",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-14627",
"datePublished": "2018-09-04T12:00:00.000Z",
"dateReserved": "2018-07-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:29:51.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}