CVE-2020-35510Uncontrolled Resource Consumption in Redhat Jboss-remoting

CWE-400Uncontrolled Resource Consumption5 documents5 sources
Severity
5.9MEDIUMNVD
EPSS
0.6%
top 31.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Jboss-remoting
Timeline
PublishedJun 2
Latest updateMar 18

Description

A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system avail

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDredhat/jboss-remoting< 5.0.20+1
CVEListV5redhat/jboss-remotingjboss-remoting 5.0.20.SP1-redhat-00001

🔴Vulnerability Details

3
OSV
Uncontrolled Resource Consumption in jboss-remoting2022-03-18
GHSA
Uncontrolled Resource Consumption in jboss-remoting2022-03-18
CVEList
CVE-2020-35510: A flaw was found in jboss-remoting in versions before 52021-06-02

📋Vendor Advisories

1
Red Hat
jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client2020-12-09
CVE-2020-35510 — Uncontrolled Resource Consumption | cvebase