CVE-2021-3642
First published: Wed Jun 30 2021(Updated: )
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/eap7-apache-cxf | <0:3.3.12-1.redhat_00001.1.el6ea | 0:3.3.12-1.redhat_00001.1.el6ea |
| redhat/eap7-ironjacamar | <0:1.5.3-1.Final_redhat_00001.1.el6ea | 0:1.5.3-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jakarta-el | <0:3.0.3-3.redhat_00007.1.el6ea | 0:3.0.3-3.redhat_00007.1.el6ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.43-1.Final_redhat_00001.1.el6ea | 0:4.0.43-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-10.Final_redhat_00011.1.el6ea | 0:1.7.2-10.Final_redhat_00011.1.el6ea |
| redhat/eap7-jsoup | <0:1.14.2-1.redhat_00002.1.el6ea | 0:1.14.2-1.redhat_00002.1.el6ea |
| redhat/eap7-resteasy | <0:3.11.5-1.Final_redhat_00001.1.el6ea | 0:3.11.5-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-undertow | <0:2.0.41-1.SP1_redhat_00001.1.el6ea | 0:2.0.41-1.SP1_redhat_00001.1.el6ea |
| redhat/eap7-wildfly | <0:7.3.10-2.GA_redhat_00003.1.el6ea | 0:7.3.10-2.GA_redhat_00003.1.el6ea |
| redhat/eap7-wildfly-elytron | <0:1.10.15-1.Final_redhat_00001.1.el6ea | 0:1.10.15-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-wss4j | <0:2.2.7-1.redhat_00001.1.el6ea | 0:2.2.7-1.redhat_00001.1.el6ea |
| redhat/eap7-xml-security | <0:2.1.7-1.redhat_00001.1.el6ea | 0:2.1.7-1.redhat_00001.1.el6ea |
| redhat/eap7-apache-cxf | <0:3.3.12-1.redhat_00001.1.el7ea | 0:3.3.12-1.redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar | <0:1.5.3-1.Final_redhat_00001.1.el7ea | 0:1.5.3-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jakarta-el | <0:3.0.3-3.redhat_00007.1.el7ea | 0:3.0.3-3.redhat_00007.1.el7ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.43-1.Final_redhat_00001.1.el7ea | 0:4.0.43-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-10.Final_redhat_00011.1.el7ea | 0:1.7.2-10.Final_redhat_00011.1.el7ea |
| redhat/eap7-jsoup | <0:1.14.2-1.redhat_00002.1.el7ea | 0:1.14.2-1.redhat_00002.1.el7ea |
| redhat/eap7-resteasy | <0:3.11.5-1.Final_redhat_00001.1.el7ea | 0:3.11.5-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-undertow | <0:2.0.41-1.SP1_redhat_00001.1.el7ea | 0:2.0.41-1.SP1_redhat_00001.1.el7ea |
| redhat/eap7-wildfly | <0:7.3.10-2.GA_redhat_00003.1.el7ea | 0:7.3.10-2.GA_redhat_00003.1.el7ea |
| redhat/eap7-wildfly-elytron | <0:1.10.15-1.Final_redhat_00001.1.el7ea | 0:1.10.15-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-wss4j | <0:2.2.7-1.redhat_00001.1.el7ea | 0:2.2.7-1.redhat_00001.1.el7ea |
| redhat/eap7-xml-security | <0:2.1.7-1.redhat_00001.1.el7ea | 0:2.1.7-1.redhat_00001.1.el7ea |
| redhat/eap7-apache-cxf | <0:3.3.12-1.redhat_00001.1.el8ea | 0:3.3.12-1.redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar | <0:1.5.3-1.Final_redhat_00001.1.el8ea | 0:1.5.3-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jakarta-el | <0:3.0.3-3.redhat_00007.1.el8ea | 0:3.0.3-3.redhat_00007.1.el8ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.43-1.Final_redhat_00001.1.el8ea | 0:4.0.43-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-10.Final_redhat_00011.1.el8ea | 0:1.7.2-10.Final_redhat_00011.1.el8ea |
| redhat/eap7-jsoup | <0:1.14.2-1.redhat_00002.1.el8ea | 0:1.14.2-1.redhat_00002.1.el8ea |
| redhat/eap7-resteasy | <0:3.11.5-1.Final_redhat_00001.1.el8ea | 0:3.11.5-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-undertow | <0:2.0.41-1.SP1_redhat_00001.1.el8ea | 0:2.0.41-1.SP1_redhat_00001.1.el8ea |
| redhat/eap7-wildfly | <0:7.3.10-2.GA_redhat_00003.1.el8ea | 0:7.3.10-2.GA_redhat_00003.1.el8ea |
| redhat/eap7-wildfly-elytron | <0:1.10.15-1.Final_redhat_00001.1.el8ea | 0:1.10.15-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wss4j | <0:2.2.7-1.redhat_00001.1.el8ea | 0:2.2.7-1.redhat_00001.1.el8ea |
| redhat/eap7-xml-security | <0:2.1.7-1.redhat_00001.1.el8ea | 0:2.1.7-1.redhat_00001.1.el8ea |
| redhat/eap7-wildfly-elytron | <0:1.15.5-1.Final_redhat_00001.1.el8ea | 0:1.15.5-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-elytron | <0:1.15.5-1.Final_redhat_00001.1.el7ea | 0:1.15.5-1.Final_redhat_00001.1.el7ea |
| Redhat Wildfly Elytron | <1.10.14 | |
| Redhat Wildfly Elytron | >=1.11.0<1.15.5 | |
| Redhat Wildfly Elytron | >=1.16.0<1.16.1 | |
| Redhat Build Of Quarkus | ||
| Redhat Codeready Studio | =12.0 | |
| Redhat Data Grid | =8.0 | |
| Redhat Descision Manager | =7.0 | |
| Redhat Integration Camel K | ||
| Redhat Integration Camel Quarkus | ||
| Redhat Jboss Enterprise Application Platform | =7.0.0 | |
| Redhat Jboss Enterprise Application Platform Expansion Pack | ||
| Redhat Jboss Fuse | =7.0.0 | |
| Redhat Openshift Application Runtimes | ||
| Redhat Process Automation | =7.0 | |
| Quarkus Quarkus | <=2.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1981407
- https://issues.redhat.com/browse/ELY-2147
- https://access.redhat.com/errata/RHSA-2021:3656
- https://access.redhat.com/errata/RHSA-2021:3658
- https://access.redhat.com/errata/RHSA-2021:3660
- https://access.redhat.com/errata/RHSA-2021:3880
- https://access.redhat.com/security/cve/cve-2021-3642
- https://access.redhat.com/errata/RHSA-2021:4767
- https://access.redhat.com/errata/RHSA-2021:5150
- https://access.redhat.com/errata/RHSA-2021:5151
- https://access.redhat.com/errata/RHSA-2021:5154
- https://access.redhat.com/errata/RHSA-2021:5149
- https://access.redhat.com/errata/RHSA-2021:5170
- https://access.redhat.com/errata/RHSA-2022:0146
- https://access.redhat.com/errata/RHSA-2022:0520
- https://access.redhat.com/errata/RHSA-2022:1179
- https://access.redhat.com/errata/RHSA-2022:5532
- https://access.redhat.com/errata/RHSA-2022:5903
- https://www.cve.org/CVERecord?id=CVE-2021-3642 https://nvd.nist.gov/vuln/detail/CVE-2021-3642
Parent vulnerabilities
(Appears in the following advisories)
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3642
- agent/software-canonical-lookup
- collector/redhat-cve
- vendor/redhat
- canonical/redhat wildfly elytron
- version/redhat wildfly elytron/1.11.0
- version/redhat wildfly elytron/1.16.0
- canonical/redhat build of quarkus
- canonical/redhat codeready studio
- version/redhat codeready studio/12.0
- canonical/redhat data grid
- version/redhat data grid/8.0
- canonical/redhat descision manager
- version/redhat descision manager/7.0
- canonical/redhat integration camel k
- canonical/redhat integration camel quarkus
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/7.0.0
- canonical/redhat jboss enterprise application platform expansion pack
- canonical/redhat jboss fuse
- version/redhat jboss fuse/7.0.0
- canonical/redhat openshift application runtimes
- canonical/redhat process automation
- version/redhat process automation/7.0
- vendor/quarkus
- canonical/quarkus quarkus
- version/quarkus quarkus/2.1.4
- package-manager/redhat