]
Brian Stansberry updated WFLY-12616:
------------------------------------
Security: (was: Security Issue)
Vulnerability in version wildfly-jdr-16.0.0.Final: CVE-2017-7503
----------------------------------------------------------------
Key: WFLY-12616
URL:
https://issues.redhat.com/browse/WFLY-12616
Project: WildFly
Issue Type: Bug
Reporter: Rory Torney
Assignee: Brian Stansberry
Priority: Major
Fix For: 14.0.0.Final
During a security scan the following vulnerability was raised against
wildfly-jdr-16.0.0.Final (I'm not sure if this issue is also present in
17.0.1.Final):
https://nvd.nist.gov/vuln/detail/CVE-2017-7503
According to this:
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_ap...
upgrading JBoss EAP to a version >= 7.2 should resolve this, though I'm not
entirely sure how EAP versions map to wildfly versions? According to the StackOverflow
post below, the version of wildfly in which this issue was raised (16.0.0.Final) , should
be mapped to EAP >= 7.2, but since this issue is being reported, maybe that is not the
case:
https://stackoverflow.com/questions/53448832/what-version-of-wildfly-corr...
Bug reports:
https://access.redhat.com/security/cve/cve-2017-7503
https://bugzilla.redhat.com/show_bug.cgi?id=1451960
https://bugzilla.redhat.com/show_bug.cgi?id=1451961