Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-35510

Опубликовано: 09 дек. 2020
Источник: redhat
CVSS3: 5.9
EPSS Низкий

Описание

A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.

A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat CodeReady Studio 12jboss-remotingWill not fix
Red Hat Decision Manager 7jboss-remotingAffected
Red Hat JBoss BRMS 5jboss-remotingOut of support scope
Red Hat JBoss Data Grid 7jboss-remotingOut of support scope
Red Hat JBoss Data Virtualization 6jboss-remotingOut of support scope
Red Hat JBoss Enterprise Application Platform 5jboss-remotingOut of support scope
Red Hat JBoss Enterprise Application Platform 6jboss-remotingOut of support scope
Red Hat JBoss Fuse 6jboss-remotingOut of support scope
Red Hat JBoss Fuse Service Works 6jboss-remotingOut of support scope
Red Hat JBoss Operations Network 3jboss-remotingOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1905796jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client

EPSS

Процентиль: 41%
0.00195
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2020-35510

CVSS3: 5.9
nvd
больше 4 лет назад

A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.

debian логотип

CVE-2020-35510

CVSS3: 5.9
debian
больше 4 лет назад

A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redha ...

github логотип

GHSA-p6j8-hgv5-m35g

CVSS3: 7.5
github
почти 4 года назад

Uncontrolled Resource Consumption in jboss-remoting

EPSS

Процентиль: 41%
0.00195
Низкий

5.9 Medium

CVSS3