  1. WildFly
  2. WFLY-12616

Vulnerability in version wildfly-jdr-16.0.0.Final: CVE-2017-7503


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Done
    • None
    • 14.0.0.Final
    • None
    • None
    • This issue is security relevant

    Description

      During a security scan the following vulnerability was raised against wildfly-jdr-16.0.0.Final (I'm not sure if this issue is also present in 17.0.1.Final):

      https://nvd.nist.gov/vuln/detail/CVE-2017-7503

      According to this:

      https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/7.2.0_release_notes/index#fixed_cves

      upgrading JBoss EAP to a version >= 7.2 should resolve this, though I'm not entirely sure how EAP versions map to WildFly versions. According to the StackOverflow post below, the version of WildFly in which this issue was raised (16.0.0.Final) should be mapped to EAP >= 7.2, but since this issue is being reported, maybe that is not the case:

      https://stackoverflow.com/questions/53448832/what-version-of-wildfly-corresponds-to-eap-7-2

      Bug reports:

      https://access.redhat.com/security/cve/cve-2017-7503
      https://bugzilla.redhat.com/show_bug.cgi?id=1451960
      https://bugzilla.redhat.com/show_bug.cgi?id=1451961


          People

            bstansbe@redhat.com Brian Stansberry
            rory-microfocus Rory Torney (Inactive)
            Alessio Soldano, Jeff Mesnil, Kabir Khan