I have a java application which is hosted in WildFly 9. It was noted that recently someone has added/Injected a text file and a php file which had just a text saying hacked by somename.. Now I found the files inside wildfly-9.0.2.Final/standalone/tmp/vfs/temp... this path. Then I deleted them. Seems there is no harm other than that.
I searched if there is such vulnerability in wildfly 9, but I couldn't find any information like that or a solution. Is there a solution to fix this security issue without upgrading wildfly to a newer version? or should this be fixed in a proxy server level?
Thank you in advance.