org.wildfly.security:wildfly-elytron-http@1.11.0.CR4 vulnerabilities

latest version

2.6.0.Final

latest non vulnerable version

2.6.0.Final

first published

6 years ago

latest version published

4 months ago

licenses detected

Apache-2.0
[1.9.0.CR1,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.wildfly.security:wildfly-elytron-http package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Session Fixation org.wildfly.security:wildfly-elytron-http is a WildFly Security HTTP Framework Affected versions of this package are vulnerable to Session Fixation. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication. The highest threat from this vulnerability is to data confidentiality and integrity. How to fix Session Fixation? Upgrade `org.wildfly.security:wildfly-elytron-http` to version 1.11.4.Final or higher.	[,1.11.4.Final)

Session Fixation

org.wildfly.security:wildfly-elytron-http is a WildFly Security HTTP Framework

Affected versions of this package are vulnerable to Session Fixation. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication. The highest threat from this vulnerability is to data confidentiality and integrity.

How to fix Session Fixation?

Upgrade org.wildfly.security:wildfly-elytron-http to version 1.11.4.Final or higher.

[,1.11.4.Final)

Go back to all versions of this package