CVE-2010-3862

CWE-20 — Improper Input Validation7 documents5 sources

Severity

2.6LOW

EPSS

1.7%

top 17.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform Redhat Jboss Enterprise WEB Platform Redhat Jboss Remoting

Timeline

PublishedDec 30

Latest updateMay 17

Description

The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application da…

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

▶NVDredhat/jboss_enterprise_application_platform4.3.0, 5.1.0+1

▶NVDredhat/jboss_enterprise_web_platform5.1.0

▶NVDredhat/jboss_remoting2.2.0, 2.2.2, 2.2.3+2

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-3f3h-gc4r-7vvp: The org↗2022-05-17

▶

CVEList

CVE-2010-3862: The org↗2010-12-30

▶

📋Vendor Advisories

Red Hat

jboss-remoting: missing fix for CVE-2010-3862↗2010-12-08

▶

Red Hat

JBoss Remoting Denial-Of-Service↗2010-12-01

▶

💬Community

Bugzilla

CVE-2010-4265 jboss-remoting: missing fix for CVE-2010-3862↗2010-12-07

▶

Bugzilla

CVE-2010-3862 JBoss Remoting Denial-Of-Service↗2010-10-08

▶