CVE-2019-14887

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.

Se detectó un fallo cuando un proveedor de seguridad OpenSSL es usado con Wildfly, el valor de "enabled-protocols" en la configuración de Wildfly no es respetado. Un atacante podría apuntar al tráfico enviado desde Wildfly y degradar la conexión a una versión más débil de TLS, rompiendo potencialmente el cifrado. Esto podría conllevar a un filtrado de los datos que son pasados a través de la red. Se cree que Wildfly versiones 7.2.0.GA, 7.2.3.GA y 7.2.5.CR2 son vulnerables.