Is CVE-2015-7575 applicable to wild fly

anuk Jan 29, 2016 5:24 AM

Hi ,

We are using Wildfly8.2final as a web server in application. I wanted to know whether wildfly is vulnerable SLOTH attack(CVE-2015-7575). Or it depends on the jre where the application is running.

Thanks and Regards

Anu

1. Re: Is CVE-2015-7575 applicable to wild fly

ctomc Jan 29, 2016 5:51 AM (in response to anuk)

WildFly as such no.
but JDK on top with you are running it, could be affected.

some list of RHEL packages that are affected https://access.redhat.com/security/cve/cve-2015-7575
and there is update for Oracle JDK see Oracle Critical Patch Update - January 2016 to fix this.
Actions
2. Re: Is CVE-2015-7575 applicable to wild fly

anuk Jan 29, 2016 5:56 AM (in response to ctomc)

Thank you. I wanted to confirm this. So that we can upgrade only java to fix this issue.
Actions

Go to original post