CVE-2015-5220

CWE-119 — Buffer Overflow CWE-770 — Allocation without Limits5 documents5 sources

Severity

5.0MEDIUM

EPSS

1.5%

top 18.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Application Platform Redhat Jboss Wildfly Application Server

Timeline

PublishedOct 27

Latest updateMay 17

Description

The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDredhat/jboss_wildfly_application_server2.0.0

▶NVDredhat/jboss_enterprise_application_platform6.4.3

Patches

Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-9g5x-j6wf-xvr6: The Web Console in Red Hat Enterprise Application Platform (EAP) before 6↗2022-05-17

▶

CVEList

CVE-2015-5220: The Web Console in Red Hat Enterprise Application Platform (EAP) before 6↗2015-10-27

▶

📋Vendor Advisories

Red Hat

OOME from EAP 6 http management console↗2015-10-15

▶

💬Community

Bugzilla

CVE-2015-5220 OOME from EAP 6 http management console↗2015-08-21

▶