Is there a patch for NVD - CVE-2019-17571 ? Is it just a matter of repacking org.jboss.log4j.logmanager with the latest log4j?
It looks like there is a ServerSocket.class packed with the module up to WF 18.
It looks like this issue written against EAP[JBEAP-16119] CVE-2017-5645 - log4j-core - Remote Code Execution (RCE) - Red Hat Issue Tracker
This is a related ticket, but about Log4J 2. I asked if the 2019 Log4J vulnerability would be addressed.
[WFCORE-482] Add log4j2 support for WildFly - Red Hat Issue Tracker