A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|https://bugzilla.redhat.com/show_bug.cgi?id=1825714||Issue Tracking Mitigation Vendor Advisory|
Configuration 1 (hide)
Configuration 2 (hide)