A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5151 advisory.

  - undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)

  - wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)

  - wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users     (CVE-2021-3717)

  - resteasy: Error message exposes endpoint class information (CVE-2021-20289)

  - jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)

  - xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5149 advisory.

  - undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)

  - wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)

  - wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users     (CVE-2021-3717)

  - resteasy: Error message exposes endpoint class information (CVE-2021-20289)

  - jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)

  - xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5150 advisory.

  - undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)

  - wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)

  - wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users     (CVE-2021-3717)

  - resteasy: Error message exposes endpoint class information (CVE-2021-20289)

  - jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)

  - xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4676 advisory.

  - undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)

  - wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users     (CVE-2021-3717)

  - resteasy: Error message exposes endpoint class information (CVE-2021-20289)

  - mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)

  - jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4677 advisory.

  - undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)

  - wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users     (CVE-2021-3717)

  - resteasy: Error message exposes endpoint class information (CVE-2021-20289)

  - mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)

  - jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
156111	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 8 (Moderate) (RHSA-2021:5151)	Nessus	Red Hat Local Security Checks	high
156109	RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 6 (Moderate) (RHSA-2021:5149)	Nessus	Red Hat Local Security Checks	high
156106	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 7 (Moderate) (RHSA-2021:5150)	Nessus	Red Hat Local Security Checks	high
155386	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.2 security update on RHEL 7 (Moderate) (RHSA-2021:4676)	Nessus	Red Hat Local Security Checks	high
155365	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.2 security update on RHEL 8 (Moderate) (RHSA-2021:4677)	Nessus	Red Hat Local Security Checks	high

Detections

Analytics

CVE-2021-3717

high

Tenable Plugins

high

high

high

high

high