N/A

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.

N/A

在会话协商时选择低安全性的算法(算法降级)

红帽 Red Hat Wildfly 安全漏洞

Red Hat Wildfly是美国红帽（Red Hat）公司的一款基于JavaEE的轻量级开源应用服务器。 Red Hat Wildfly（与OpenSSL security provider一起使用）中存在安全漏洞，该漏洞源于程序没有执行Wildfly配置的‘enabled-protocols’设置。攻击者可利用该漏洞该漏洞获取网络传播的信息。以下产品及版本受到影响：Wildfly 7.2.0.GA版本，7.2.3.GA版本，7.2.5.CR2版本。

N/A

N/A