CVE-2014-0086

CWE-20 — Improper Input Validation6 documents6 sources

Severity

4.3MEDIUM

EPSS

0.6%

top 29.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss WEB Framework KIT Redhat Richfaces

Timeline

PublishedMar 31

Latest updateMay 17

Description

The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Mavenorg.richfaces:richfaces5.0.0.Alpha1 — 5.0.0.Alpha3+1

▶NVDredhat/richfaces4.3.4, 4.3.5, 5.0.0+2

▶NVDredhat/jboss_web_framework_kit2.5.0

Patches

Patch: github.com ↗Patch: issues.jboss.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

JBoss RichFaces Improper Input Validation vulnerability↗2022-05-17

▶

OSV

JBoss RichFaces Improper Input Validation vulnerability↗2022-05-17

▶

CVEList

CVE-2014-0086: The doFilter function in webapp/PushHandlerFilter↗2014-03-28

▶

📋Vendor Advisories

Red Hat

RichFaces: remote denial of service via memory exhaustion↗2014-02-14

▶

💬Community

Bugzilla

CVE-2014-0086 JBoss RichFaces: remote denial of service via memory exhaustion↗2014-02-20

▶