The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>
History

Fri, 23 Aug 2024 05:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-09-04T12:00:00

Updated: 2024-08-05T09:29:51.696Z

Reserved: 2018-07-27T00:00:00

Link: CVE-2018-14627

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-09-04T12:29:00.623

Modified: 2024-11-21T03:49:27.310

Link: CVE-2018-14627

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-07-19T00:00:00Z

Links: CVE-2018-14627 - Bugzilla