CVE-2016-2094
published 2016-05-06
CVE-2016-2094: The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a…
Priority P434 · high · 7.5 CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS
2.65%
83.7th percentile
The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jboss | enterprise_application_platform | — | — |
CVSS provenance
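| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |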
GHSA
GHSA-qvfx-47j9-mhg5: The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake
ghsa_unreviewed·2022-05-17
CVE-2016-2094 [HIGH] GHSA-qvfx-47j9-mhg5: The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake
Red Hat
EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client
vendor_redhat·2016-02-17·CVSS 7.5
CVE-2016-2094 [HIGH] CWE-358 EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client
A read-timeout flaw was found in the HTTPS NIO Connector handling of SSL handshakes. A remote, unauthenticated attacker could create a socket and cause a thread to remain occupied indefinitely so long as the socket remained open (denial of service).
No detection rules found.
No public exploits indexed.
http://rhn.redhat.com/errata/RHSA-2016-0595.html
http://rhn.redhat.com/errata/RHSA-2016-0596.html
http://rhn.redhat.com/errata/RHSA-2016-0597.html
http://rhn.redhat.com/errata/RHSA-2016-0598.html
http://rhn.redhat.com/errata/RHSA-2016-0599.html
https://bugzilla.redhat.com/show_bug.cgi?id=1308465
Published: 2016-05-06