Описание
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Ссылки
- Issue TrackingMitigationVendor Advisory
- Third Party Advisory
- Issue TrackingMitigationVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.11.3 (исключая)
cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00366
Низкий
7.5 High
CVSS3
5.1 Medium
CVSS2
Дефекты
CWE-384
CWE-384
Связанные уязвимости
CVSS3: 7.5
redhat
почти 6 лет назад
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
EPSS
Процентиль: 58%
0.00366
Низкий
7.5 High
CVSS3
5.1 Medium
CVSS2
Дефекты
CWE-384
CWE-384