The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>
Metrics
Affected Vendors & Products
References
History
Fri, 23 Aug 2024 05:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7 |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2018-09-04T12:00:00
Updated: 2024-08-05T09:29:51.696Z
Reserved: 2018-07-27T00:00:00
Link: CVE-2018-14627
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-09-04T12:29:00.623
Modified: 2024-11-21T03:49:27.310
Link: CVE-2018-14627
Redhat