
exploitDog


CVE-2020-14307

Published: 23 Jul 2020
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.

Affected packages

Platform | Package | Status | Recommendation | Release
Red Hat BPM Suite 6 | jboss-ejb-client | Out of support scope | |
Red Hat CodeReady Studio 12 | wildfly | Not affected | |
Red Hat Data Grid 8 | wildfly | Not affected | |
Red Hat Decision Manager 7 | jboss-ejb-client | Not affected | |
Red Hat Fuse 7 | jboss-ejb-client | Will not fix | |
Red Hat JBoss Data Grid 7 | jboss-ejb-client | Out of support scope | |
Red Hat JBoss Enterprise Application Platform 6 | jboss-ejb-client | Out of support scope | |
Red Hat JBoss Enterprise Application Platform Continuous Delivery | jboss-ejb-client | Out of support scope | |
Red Hat JBoss Fuse 6 | jboss-ejb-client | Out of support scope | |
Red Hat JBoss Operations Network 3 | jboss-ejb-client | Out of support scope | |


Additional information

Severity: Moderate
Weakness: CWE-404
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1851327
wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

EPSS
Percentile: 61%
Score: 0.00415
Rating: Low

CVSS3
6.5 Medium

Related vulnerabilities

CVSS3: 6.5
nvd
more than 5 years ago

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.

CVSS3: 6.5
debian
more than 5 years ago

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) ver ...

CVSS3: 6.5
github
more than 3 years ago

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
