A flaw was found when an OpenSSL security provider is used with Wildfly, the enabled-protocols value in the Wildfly configuration isnt honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jboss_data_grid | Redhat | 7.0.0 (including) | 7.0.0 (including) |
| Jboss_enterprise_application_platform | Redhat | 7.0.0 (including) | 7.0.0 (including) |
| Jboss_fuse | Redhat | 7.0.0 (including) | 7.0.0 (including) |
| Openshift_application_runtimes | Redhat | - (including) | - (including) |
| Single_sign-on | Redhat | 7.0 (including) | 7.0 (including) |
| Wildfly | Redhat | 7.2.0-general_availability (including) | 7.2.0-general_availability (including) |
| Wildfly | Redhat | 7.2.3-general_availability (including) | 7.2.3-general_availability (including) |
| Wildfly | Redhat | 7.2.5-cr2 (including) | 7.2.5-cr2 (including) |