PUA (Potentially Unwanted Application) detected in Wildfly

64 views
Skip to first unread message

apoorva maheshwari

unread,
Jun 21, 2022, 2:15:45 PM6/21/22
to WildFly

During the malware scan of wildfly-23.0.2.Final package, we have found PUA (Potentially Unwanted Application) in few java script files of hal console.

PUA details are mentioned below.

 PUA Detected

PUA.Html.Exploit.CVE_2012_0469-1 FOUND

Infected Files

Wildfly-23.0.2.Final/modules/system/layers/base/org/jboss/as/console/main/hal-console-3.3.6.Final-resources.jar

/js/external.min.js

/js/pouchdb.js

/js/external.js

/js/pouchdb.min.js

 

In our application, we are not using hal-console.

Is hal-console  internally used by wildfly ?

Is there any way to remove these specific java script files or hal-console from wildfly ?

Darran Lofthouse

unread,
Jun 22, 2022, 7:27:43 AM6/22/22
to WildFly
FYI the module flagged is the module which contains the code for the admin console for administering the application server.  your own deployment would not be referencing anything in the admin console and the adming console is not accessible over the same HTTP port as deployments.

apoorva maheshwari

unread,
Jun 23, 2022, 1:20:51 AM6/23/22
to WildFly
Hello Darran,

Is there any way to remove these specific java script files or hal-console from wildfly ?

Regards,
Apoorva Maheshwari
Reply all
Reply to author
Forward
0 new messages