A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.
Advisories
Source ID Title
EUVD EUVD EUVD-2019-5996 A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-05T00:26:39.145Z

Reserved: 2019-08-10T00:00:00

Link: CVE-2019-14887

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-03-16T15:15:12.130

Modified: 2024-11-21T04:27:36.843

Link: CVE-2019-14887

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-03-12T00:00:00Z

Links: CVE-2019-14887 - Bugzilla

cve-icon OpenCVE Enrichment

No data.