The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of WildFly

computer vulnerability bulletin CVE-2019-3894

Red Hat JBoss Enterprise Application Platform, WildFly: privilege escalation via ElytronManagedThread

Synthesis of the vulnerability

An attacker can bypass restrictions via ElytronManagedThread in Red Hat JBoss Enterprise Application Platform, in order to escalate privileges.
Impacted products: JBoss EAP by Red Hat, Red Hat SSO, WildFly.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet server.
Creation date: 06/05/2019.
Identifiers: CVE-2019-3894, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-29228.

Description of the vulnerability

An attacker can bypass restrictions via ElytronManagedThread in Red Hat JBoss Enterprise Application Platform, in order to escalate privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2019-3805

WildFly: privilege escalation via PID File

Synthesis of the vulnerability

An attacker can bypass restrictions via the PID file of WildFly, in order to escalate privileges.
Impacted products: JBoss EAP by Red Hat, Red Hat SSO, WildFly.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 06/05/2019.
Identifiers: CVE-2019-3805, RHSA-2019:1106-01, RHSA-2019:1107-01, RHSA-2019:1108-01, RHSA-2019:1140-01, VIGILANCE-VUL-29227.

Description of the vulnerability

An attacker can bypass restrictions via the PID file of WildFly, in order to escalate privileges.

computer vulnerability bulletin CVE-2018-10934

WildFly: Cross Site Scripting via JBoss Management Console

Synthesis of the vulnerability

An attacker can trigger Cross Site Scripting via the JBoss Management Console of WildFly, in order to run JavaScript code in the context of the web site.
Impacted products: JBoss EAP by Red Hat, Red Hat SSO, WildFly.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 19/02/2019.
Identifiers: CVE-2018-10934, RHBUG-1615673, RHSA-2019:0362-01, RHSA-2019:0364-01, RHSA-2019:0365-01, RHSA-2019:0380-01, RHSA-2019:1159-01, RHSA-2019:1160-01, RHSA-2019:1161-01, RHSA-2019:1162-01, VIGILANCE-VUL-28538.

Description of the vulnerability

The WildFly product offers a web service.

However, data received via the JBoss Management Console is not filtered before being inserted into the generated HTML documents.

An attacker can therefore trigger Cross Site Scripting via the JBoss Management Console of WildFly, in order to run JavaScript code in the context of the web site.

computer vulnerability announce CVE-2018-14627

WildFly: information disclosure via IIOP SSL Required

Synthesis of the vulnerability

An attacker can bypass data access restrictions via IIOP SSL Required of WildFly, in order to obtain sensitive information.
Impacted products: JBoss EAP by Red Hat, Red Hat SSO, WildFly.
Severity: 2/4.
Consequences: data reading.
Provenance: LAN.
Creation date: 05/09/2018.
Identifiers: CVE-2018-14627, RHSA-2018:3527-01, RHSA-2018:3528-01, RHSA-2018:3529-01, RHSA-2018:3592-01, RHSA-2018:3593-01, RHSA-2018:3595-01, VIGILANCE-VUL-27147, WFLY-9107.

Description of the vulnerability

An attacker can bypass data access restrictions via IIOP SSL Required of WildFly, in order to obtain sensitive information.

vulnerability bulletin CVE-2018-10862

WildFly: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of WildFly, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Impacted products: JBoss EAP by Red Hat, WildFly.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: document.
Creation date: 27/07/2018.
Identifiers: 1593527, CVE-2018-10862, RHSA-2018:2276-01, RHSA-2018:2277-01, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, VIGILANCE-VUL-26853, WFCORE-3938.

Description of the vulnerability

An attacker can traverse directories of WildFly, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
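How a deployer should treat archive entry names to avoid the Zip Slip class named above, as an added example in Python (not WildFly Core's own deployment code): a constructed archive carrying a benign entry and a "../"-prefixed one is unpacked by an extractor that resolves every entry against the destination root and refuses any that lands outside it. The destination path, the entry names and the function names are our own.

```python
"""Zip Slip containment: accept an archive entry only if its resolved target
stays inside the extraction root. Added example, not WildFly code; the archive
contents and paths below are constructed."""
import io
import os
import tempfile
import zipfile
from typing import List, Optional, Tuple


def resolve_entry(dest_root: str, entry_name: str) -> Optional[str]:
    """Return the absolute target path for an entry, or None if the entry
    would escape dest_root. realpath() also resolves symlinks that an earlier
    entry may have planted under the root."""
    root = os.path.realpath(dest_root)
    target = os.path.realpath(os.path.join(root, entry_name))
    # Compare on a separator boundary: /tmp/out must not match /tmp/outside.
    if target == root or target.startswith(root + os.sep):
        return target
    return None


def extract_safely(zip_bytes: bytes, dest_root: str) -> Tuple[List[str], List[str]]:
    """Extract entries one by one, refusing any that escape dest_root.
    Returns (written, rejected) entry names."""
    written: List[str] = []
    rejected: List[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = resolve_entry(dest_root, info.filename)
            if target is None:
                rejected.append(info.filename)   # Zip Slip attempt: skip it
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written, rejected


def build_malicious_archive() -> bytes:
    """Constructed sample: one benign WAR entry plus one that climbs out of
    the deployment directory (the Zip Slip pattern)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr("../../../evil.sh", "echo pwned\n")
    return buf.getvalue()


def demo() -> Tuple[List[str], List[str]]:
    """Unpack the sample into a throwaway deployment root (constructed path)."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "deployments", "app.war")
        os.makedirs(dest)
        return extract_safely(build_malicious_archive(), dest)


if __name__ == "__main__":
    written, rejected = demo()
    print("written:", written)
    print("rejected:", rejected)
```

Python's own zipfile.extract() already strips leading slashes and ".." components from entry names, which is why the example writes the entries itself: the point is the containment check that a hand-rolled or library extractor in any language must make before opening the target path. Comparing realpath() results on a path-separator boundary also defeats the "/tmp/out" versus "/tmp/outside" prefix confusion.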

vulnerability alert CVE-2018-1047

WildFly: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of WildFly, in order to read a file outside the service root path.
Impacted products: JBoss EAP by Red Hat, WildFly.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 25/01/2018.
Identifiers: CVE-2018-1047, RHSA-2018:1247-01, RHSA-2018:1248-01, RHSA-2018:1249-01, RHSA-2018:1251-01, VIGILANCE-VUL-25151, WFLY-9620.

Description of the vulnerability

An attacker can traverse directories of WildFly, in order to read a file outside the service root path.

computer vulnerability CVE-2016-0793

WildFly: file reading WEB-INF/META-INF

Synthesis of the vulnerability

An attacker can read a file under WEB-INF or META-INF of a WildFly web application, in order to obtain sensitive information.
Impacted products: Brocade Network Advisor, Unisphere EMC, JBoss AS OpenSource, WildFly.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 04/04/2016.
Identifiers: 1305937, 499009, BSA-2017-314, CVE-2016-0793, ESA-2017-056, VIGILANCE-VUL-19295.

Description of the vulnerability

The WildFly product uses a filter to forbid reading files under WEB-INF and META-INF.

However, on Windows, where file names are case-insensitive, an attacker can request the same path with lowercase characters (for example web-inf instead of WEB-INF): the filter does not recognise the lowercase form, but the filesystem still resolves it to the protected file.

An attacker can therefore read a file under WEB-INF or META-INF of a WildFly web application, in order to obtain sensitive information.
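The bypass described above, as an added example in Python rather than WildFly's own filter code: a filter that compares the first path segment exactly against WEB-INF and META-INF, beside one that compares case-folded, both tried against a constructed stand-in for a web root on a case-insensitive filesystem. All names here (PROTECTED_DIRS, CaseInsensitiveWebRoot, serve) are ours.

```python
"""Protected-directory filter for a servlet-style web root: exact-case
comparison beside a normalised one. Added example illustrating the bypass
class; not WildFly's filter code. The web root contents are constructed."""
import posixpath
from urllib.parse import unquote

PROTECTED_DIRS = ("WEB-INF", "META-INF")


def normalise(request_path: str) -> list:
    """Percent-decode the path, collapse '.', '..' and repeated slashes, and
    split it into segments, so the filter and the file lookup see one path."""
    decoded = unquote(request_path)
    collapsed = posixpath.normpath("/" + decoded.lstrip("/"))
    return [seg for seg in collapsed.split("/") if seg]


def is_blocked_vulnerable(request_path: str) -> bool:
    """Exact-case match: refuses /WEB-INF/web.xml but lets /web-inf/web.xml
    through, although NTFS resolves both to the same file."""
    segments = normalise(request_path)
    return bool(segments) and segments[0] in PROTECTED_DIRS


def is_blocked_hardened(request_path: str) -> bool:
    """Case-folded match, so the comparison is at least as permissive as the
    case-insensitive filesystem underneath it."""
    segments = normalise(request_path)
    protected = {d.casefold() for d in PROTECTED_DIRS}
    return bool(segments) and segments[0].casefold() in protected


class CaseInsensitiveWebRoot:
    """Constructed stand-in for an exploded WAR on a case-insensitive
    filesystem (Windows): lookups ignore case, as NTFS does."""

    def __init__(self, files):
        self._files = {f.casefold(): f for f in files}

    def lookup(self, request_path: str):
        key = "/".join(normalise(request_path)).casefold()
        return self._files.get(key)   # real on-disk name, or None


def serve(webroot, request_path, blocker):
    """Return the on-disk file the request would read, or None if the filter
    refuses it or nothing matches."""
    if blocker(request_path):
        return None
    return webroot.lookup(request_path)


if __name__ == "__main__":
    root = CaseInsensitiveWebRoot(["WEB-INF/web.xml", "index.html"])
    for path in ("/WEB-INF/web.xml", "/web-inf/web.xml", "/%57eb-inf/web.xml"):
        print(path,
              "vulnerable:", serve(root, path, is_blocked_vulnerable),
              "hardened:", serve(root, path, is_blocked_hardened))
```

The fix is to make the filter's comparison no stricter than the filesystem's: normalise first (percent-decoding, collapsing ".."), then compare case-insensitively. On a case-sensitive filesystem the lowercase request would simply miss the file, which is why the bulletin confines the issue to Windows.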

computer vulnerability alert 18196

WildFly: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery against WildFly, in order to force the victim to perform operations.
Impacted products: WildFly.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 27/10/2015.
Identifiers: VIGILANCE-VUL-18196, WFLY-5586.

Description of the vulnerability

The WildFly product offers a web service.

However, the origin of requests is not checked: a request can, for example, be triggered by an image tag in an HTML document, and the server then processes it with the victim's credentials.

An attacker can therefore trigger a Cross Site Request Forgery against WildFly, in order to force the victim to perform operations.
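The checks whose absence this bulletin describes, as an added Python example (not WildFly or Undertow code): a gate that a state-changing handler calls before acting, refusing GET (the path an image tag takes), refusing requests whose Origin or Referer does not name one of our own hosts, and requiring a session-bound token. The trusted host, the token value and the sample requests are constructed.

```python
"""Checks to apply before honouring a state-changing request. Added example,
not WildFly or Undertow code; TRUSTED_HOSTS, the session token and the
sample requests are constructed."""
import hmac
from urllib.parse import urlsplit

TRUSTED_HOSTS = {"admin.example.org"}            # constructed: the console's own host
MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def origin_allowed(headers: dict, trusted_hosts=TRUSTED_HOSTS) -> bool:
    """Accept only if the browser-supplied Origin (or, failing that, Referer)
    names one of our hosts over https. A request fired from a page on another
    site carries that site's origin and is refused; a request with no
    provenance at all is refused too (fail closed). 'Origin: null' has no
    hostname and is therefore refused as well."""
    provenance = headers.get("Origin") or headers.get("Referer")
    if not provenance:
        return False
    parts = urlsplit(provenance)
    return parts.scheme == "https" and parts.hostname in trusted_hosts


def token_valid(session_token, submitted_token) -> bool:
    """Synchronizer token: a value bound to the session that a page on another
    site cannot read. Constant-time compare avoids leaking it byte by byte."""
    if not session_token or not submitted_token:
        return False
    return hmac.compare_digest(session_token, submitted_token)


def authorise_mutation(method: str, headers: dict, form: dict, session: dict) -> bool:
    """Gate for any handler that changes server state. GET/HEAD are refused
    outright: a state change reachable by GET is exactly what an
    <img src=...> in an attacker's page can trigger."""
    if method.upper() not in MUTATING_METHODS:
        return False
    return origin_allowed(headers) and token_valid(session.get("csrf"), form.get("csrf"))


# Constructed sample traffic against a console where the victim is logged in.
SESSION = {"csrf": "c0ffee-constructed-session-token"}
SAMPLES = {
    "img_tag_get": ("GET", {"Referer": "https://attacker.example/lure.html"}, {}),
    "cross_site_post": ("POST", {"Origin": "https://attacker.example"}, {}),
    "no_provenance_post": ("POST", {}, {"csrf": SESSION["csrf"]}),
    "right_origin_wrong_token": ("POST", {"Origin": "https://admin.example.org"}, {"csrf": "guess"}),
    "legitimate_post": ("POST", {"Origin": "https://admin.example.org"}, {"csrf": SESSION["csrf"]}),
}


def evaluate_samples() -> dict:
    """Run every sample through the gate; only the legitimate one passes."""
    return {name: authorise_mutation(m, h, f, SESSION) for name, (m, h, f) in SAMPLES.items()}


if __name__ == "__main__":
    for name, allowed in evaluate_samples().items():
        print(f"{name:28s} {'allowed' if allowed else 'refused'}")
```

The origin check alone is not sufficient where a proxy strips Referer or where the application must accept requests with no Origin, so the token is the primary control and the origin check a cheap second line; both are evaluated for every mutation.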

vulnerability bulletin CVE-2014-7853

JBoss AS: information disclosure via JacORB

Synthesis of the vulnerability

An attacker can bypass data access restrictions in JacORB of JBoss AS, in order to obtain sensitive information.
Impacted products: RHEL, JBoss EAP by Red Hat, WildFly.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 04/05/2015.
Identifiers: CVE-2014-7853, RHSA-2015:0215-01, RHSA-2015:0216-01, RHSA-2015:0217-01, RHSA-2015:0218-01, RHSA-2015:0920-01, VIGILANCE-VUL-16803.

Description of the vulnerability

An attacker can bypass data access restrictions in JacORB of JBoss AS, in order to obtain sensitive information.

vulnerability announce CVE-2014-7849

JBoss AS: read-write access via RBAC

Synthesis of the vulnerability

An attacker can bypass the RBAC access restrictions of JBoss AS, in order to read or alter data.
Impacted products: RHEL, JBoss EAP by Red Hat, WildFly.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: intranet client.
Creation date: 04/05/2015.
Identifiers: CVE-2014-7849, RHSA-2015:0215-01, RHSA-2015:0216-01, RHSA-2015:0217-01, RHSA-2015:0218-01, RHSA-2015:0920-01, VIGILANCE-VUL-16802.

Description of the vulnerability

An attacker can bypass the RBAC access restrictions of JBoss AS, in order to read or alter data.