CVE-2021-3642
First published: Wed Jun 30 2021(Updated: )
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/eap7-apache-cxf | <0:3.3.12-1.redhat_00001.1.el6ea | 0:3.3.12-1.redhat_00001.1.el6ea |
| redhat/eap7-ironjacamar | <0:1.5.3-1.Final_redhat_00001.1.el6ea | 0:1.5.3-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jakarta-el | <0:3.0.3-3.redhat_00007.1.el6ea | 0:3.0.3-3.redhat_00007.1.el6ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.43-1.Final_redhat_00001.1.el6ea | 0:4.0.43-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-10.Final_redhat_00011.1.el6ea | 0:1.7.2-10.Final_redhat_00011.1.el6ea |
| redhat/eap7-jsoup | <0:1.14.2-1.redhat_00002.1.el6ea | 0:1.14.2-1.redhat_00002.1.el6ea |
| redhat/eap7-resteasy | <0:3.11.5-1.Final_redhat_00001.1.el6ea | 0:3.11.5-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-undertow | <0:2.0.41-1.SP1_redhat_00001.1.el6ea | 0:2.0.41-1.SP1_redhat_00001.1.el6ea |
| redhat/eap7-wildfly | <0:7.3.10-2.GA_redhat_00003.1.el6ea | 0:7.3.10-2.GA_redhat_00003.1.el6ea |
| redhat/eap7-wildfly-elytron | <0:1.10.15-1.Final_redhat_00001.1.el6ea | 0:1.10.15-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-wss4j | <0:2.2.7-1.redhat_00001.1.el6ea | 0:2.2.7-1.redhat_00001.1.el6ea |
| redhat/eap7-xml-security | <0:2.1.7-1.redhat_00001.1.el6ea | 0:2.1.7-1.redhat_00001.1.el6ea |
| redhat/eap7-apache-cxf | <0:3.3.12-1.redhat_00001.1.el7ea | 0:3.3.12-1.redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar | <0:1.5.3-1.Final_redhat_00001.1.el7ea | 0:1.5.3-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jakarta-el | <0:3.0.3-3.redhat_00007.1.el7ea | 0:3.0.3-3.redhat_00007.1.el7ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.43-1.Final_redhat_00001.1.el7ea | 0:4.0.43-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-10.Final_redhat_00011.1.el7ea | 0:1.7.2-10.Final_redhat_00011.1.el7ea |
| redhat/eap7-jsoup | <0:1.14.2-1.redhat_00002.1.el7ea | 0:1.14.2-1.redhat_00002.1.el7ea |
| redhat/eap7-resteasy | <0:3.11.5-1.Final_redhat_00001.1.el7ea | 0:3.11.5-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-undertow | <0:2.0.41-1.SP1_redhat_00001.1.el7ea | 0:2.0.41-1.SP1_redhat_00001.1.el7ea |
| redhat/eap7-wildfly | <0:7.3.10-2.GA_redhat_00003.1.el7ea | 0:7.3.10-2.GA_redhat_00003.1.el7ea |
| redhat/eap7-wildfly-elytron | <0:1.10.15-1.Final_redhat_00001.1.el7ea | 0:1.10.15-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-wss4j | <0:2.2.7-1.redhat_00001.1.el7ea | 0:2.2.7-1.redhat_00001.1.el7ea |
| redhat/eap7-xml-security | <0:2.1.7-1.redhat_00001.1.el7ea | 0:2.1.7-1.redhat_00001.1.el7ea |
| redhat/eap7-apache-cxf | <0:3.3.12-1.redhat_00001.1.el8ea | 0:3.3.12-1.redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar | <0:1.5.3-1.Final_redhat_00001.1.el8ea | 0:1.5.3-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jakarta-el | <0:3.0.3-3.redhat_00007.1.el8ea | 0:3.0.3-3.redhat_00007.1.el8ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.43-1.Final_redhat_00001.1.el8ea | 0:4.0.43-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-10.Final_redhat_00011.1.el8ea | 0:1.7.2-10.Final_redhat_00011.1.el8ea |
| redhat/eap7-jsoup | <0:1.14.2-1.redhat_00002.1.el8ea | 0:1.14.2-1.redhat_00002.1.el8ea |
| redhat/eap7-resteasy | <0:3.11.5-1.Final_redhat_00001.1.el8ea | 0:3.11.5-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-undertow | <0:2.0.41-1.SP1_redhat_00001.1.el8ea | 0:2.0.41-1.SP1_redhat_00001.1.el8ea |
| redhat/eap7-wildfly | <0:7.3.10-2.GA_redhat_00003.1.el8ea | 0:7.3.10-2.GA_redhat_00003.1.el8ea |
| redhat/eap7-wildfly-elytron | <0:1.10.15-1.Final_redhat_00001.1.el8ea | 0:1.10.15-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wss4j | <0:2.2.7-1.redhat_00001.1.el8ea | 0:2.2.7-1.redhat_00001.1.el8ea |
| redhat/eap7-xml-security | <0:2.1.7-1.redhat_00001.1.el8ea | 0:2.1.7-1.redhat_00001.1.el8ea |
| redhat/eap7-wildfly-elytron | <0:1.15.5-1.Final_redhat_00001.1.el8ea | 0:1.15.5-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-elytron | <0:1.15.5-1.Final_redhat_00001.1.el7ea | 0:1.15.5-1.Final_redhat_00001.1.el7ea |
| redhat/Wildfly Elytron | <1.10.14. | 1.10.14. |
| redhat/Wildfly Elytron | <1.15.5. | 1.15.5. |
| redhat/Wildfly Elytron | <1.16.1. | 1.16.1. |
| Redhat Wildfly Elytron | <1.10.14 | |
| Redhat Wildfly Elytron | >=1.11.0<1.15.5 | |
| Redhat Wildfly Elytron | >=1.16.0<1.16.1 | |
| Redhat Build Of Quarkus | ||
| Redhat Codeready Studio | =12.0 | |
| Red Hat Data Grid | =8.0 | |
| Redhat Descision Manager | =7.0 | |
| Redhat Integration Camel K | ||
| Red Hat Integration Camel Extensions for Quarkus | ||
| Red Hat JBoss Enterprise Application Platform | =7.0.0 | |
| Red Hat JBoss Enterprise Application Platform | ||
| Redhat Jboss Fuse | =7.0.0 | |
| Red Hat Openshift Application Runtimes | ||
| Redhat Process Automation | =7.0 | |
| Quarkus Quarkus | <=2.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1981407
- https://issues.redhat.com/browse/ELY-2147
- https://access.redhat.com/errata/RHSA-2021:3656
- https://access.redhat.com/errata/RHSA-2021:3658
- https://access.redhat.com/errata/RHSA-2021:3660
- https://access.redhat.com/errata/RHSA-2021:3880
- https://access.redhat.com/security/cve/cve-2021-3642
- https://access.redhat.com/errata/RHSA-2021:4767
- https://access.redhat.com/errata/RHSA-2021:5150
- https://access.redhat.com/errata/RHSA-2021:5151
- https://access.redhat.com/errata/RHSA-2021:5154
- https://access.redhat.com/errata/RHSA-2021:5149
- https://access.redhat.com/errata/RHSA-2021:5170
- https://access.redhat.com/errata/RHSA-2022:0146
- https://access.redhat.com/errata/RHSA-2022:0520
- https://access.redhat.com/errata/RHSA-2022:1179
- https://access.redhat.com/errata/RHSA-2022:5532
- https://access.redhat.com/errata/RHSA-2022:5903
- https://www.cve.org/CVERecord?id=CVE-2021-3642 https://nvd.nist.gov/vuln/detail/CVE-2021-3642
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3642
- agent/software-canonical-lookup
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/redhat
- canonical/redhat wildfly elytron
- version/redhat wildfly elytron/1.11.0
- version/redhat wildfly elytron/1.16.0
- canonical/redhat build of quarkus
- canonical/redhat codeready studio
- version/redhat codeready studio/12.0
- canonical/red hat data grid
- version/red hat data grid/8.0
- canonical/redhat descision manager
- version/redhat descision manager/7.0
- canonical/redhat integration camel k
- canonical/red hat integration camel extensions for quarkus
- canonical/red hat jboss enterprise application platform
- version/red hat jboss enterprise application platform/7.0.0
- canonical/redhat jboss fuse
- version/redhat jboss fuse/7.0.0
- canonical/red hat openshift application runtimes
- canonical/redhat process automation
- version/redhat process automation/7.0
- vendor/quarkus
- canonical/quarkus quarkus
- version/quarkus quarkus/2.1.4