A flaw was found in WildFly Elytron versions 1.11.3.Final and earlier. When WildFly Elytron FORM authentication is used with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
[
  {
    "product": "wildfly-elytron",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "wildfly-elytron 1.10.7.Final"
      }
    ]
  }
]