CVE-2020-14384 — Uncontrolled Resource Consumption in Redhat Jbossweb

CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 44.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jbossweb Redhat Jboss Enterprise Application Platform

Timeline

PublishedSep 9

Latest updateMay 24

Description

A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDredhat/jbossweb< 7.5.31.final-redhat-3

▶NVDredhat/jboss_enterprise_application_platform6.0.0

🔴Vulnerability Details

GHSA

GHSA-8793-frgg-7jvv: A flaw was found in JBossWeb in versions before 7↗2022-05-24

▶

CVEList

CVE-2020-14384: A flaw was found in JBossWeb in versions before 7↗2020-09-09

▶

📋Vendor Advisories

Red Hat

jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS↗2020-09-03

▶

💬Community

Bugzilla

CVE-2020-14384 jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS↗2020-09-02

▶