Описание
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
Отчет
Netty versions as shipped by Red Hat products are not affected by this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | netty | Not affected | ||
| Red Hat JBoss BRMS 6 | netty | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 5 | netty | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | netty | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | others | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | netty | Not affected | ||
| Red Hat JBoss Portal 5 | netty | Not affected | ||
| Red Hat JBoss Portal 6 | netty | Not affected | ||
| Red Hat Satellite 6 | netty | Not affected | ||
| Red Hat Software Collections | thermostat1-netty | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Important
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1107983Netty: DoS by CPU exhaustion when using malicious SSL packets
EPSS
Процентиль: 75%
0.00867
Низкий
7.8 High
CVSS2
Связанные уязвимости
ubuntu
больше 11 лет назад
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
nvd
больше 11 лет назад
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
debian
больше 11 лет назад
The SslHandler in Netty before 3.9.2 allows remote attackers to cause ...
EPSS
Процентиль: 75%
0.00867
Низкий
7.8 High
CVSS2