PT-2020-5188
Kunjan Rathod · Published 2020-03-16 · Updated 2021-11-02
CVE-2019-14887
CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Wildfly versions 7.2.0.GA through 7.2.5.CR2
Description
A flaw was found when an OpenSSL security provider is used with Wildfly: the 'enabled-protocols' value in the Wildfly configuration is not honored, so the server may still negotiate TLS versions the administrator intended to disable. This could allow an attacker to target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption and leading to a leak of the data being passed over the network.
Recommendations
For Wildfly versions 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2, update to a fixed version to resolve the issue.
As a temporary workaround, consider restricting the use of the OpenSSL security provider until a patch is available.
Restrict access to the vulnerable configuration to minimize the risk of exploitation.
Fix
Inadequate Encryption Strength
Improper Handling of Exceptional Conditions
Affected Products
Openssl
Wildfly