Wildfly Vulnerabilities

gmarshall56 Dec 28, 2018 11:42 AM

Hello:

I see here that there are (were) a couple of vulnerabilities found in Wildfly this year..

https://www.cvedetails.com/vulnerability-list/vendor_id-25/product_id-27107/year-2018/Redhat-Jboss-Wildfly-Application-Server.html

It looks like there is a Denial of Service issue and a Directory Traversal issue had been posted here

Before I attempt to convince my IT security team that it is OK to deploy Wildfly on our production servers can somebody let me know if these and any other security / vulnerability issues have been cleaned up in Wildfly 15?

Thanks all for your time. Happy New Year.

Gary

1. Re: Wildfly Vulnerabilities

claudio4j Dec 28, 2018 1:55 PM (in response to gmarshall56)

The 2 CVE issues were fixed in Wildfly 12.

CVE-2018-1047
https://issues.jboss.org/browse/WFLY-9620

CVE-2016-9589 (this issue is not visible, don't know why)
https://issues.jboss.org/browse/WFLY-7725

https://access.redhat.com/security/cve/cve-2018-1047
https://access.redhat.com/security/cve/cve-2016-9589
Actions