Описание
A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.
A flaw was found in WildFly where multiple requests occurring concurrently could be handled using the identity of another request. This vulnerability occurs when using EE Security with WildFly Elytron. The largest threat from this vulnerability is data confidentiality and integrity.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | wildfly | Not affected | ||
| Red Hat Fuse 7 | wildfly | Not affected | ||
| Red Hat JBoss Data Grid 7 | wildfly | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | jbossas | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | wildfly | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 5 | jbossas | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 6 | jbossas | Out of support scope | ||
| Red Hat JBoss Fuse 6 | wildfly | Out of support scope | ||
| Red Hat JBoss Operations Network 3 | wildfly | Out of support scope | ||
| Red Hat JBoss SOA Platform 5 | jbossas | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
4.2 Medium
CVSS3
Связанные уязвимости
A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.
A flaw was found in Soteria before 1.0.1, in a way that multiple reque ...
A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.
EPSS
4.2 Medium
CVSS3