Lucene search

[email protected]CVE-2010-4265

HistoryDec 30, 2010 - 9:00 p.m.

CVE-2010-4265

2010-12-3021:00:02

[email protected]

web.nvd.nist.gov

cve-2010-4265

jboss

remoting

bisocket

dos

red hat

jbeap

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

Low

0.036 Low

EPSS

Percentile

91.7%

JSON

The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier.

Affected configurations

NVD

Node

redhatjboss_remotingMatch2.2.0

redhatjboss_remotingMatch2.2.2sp10

redhatjboss_remotingMatch2.2.2sp11

redhatjboss_remotingMatch2.2.2sp2

redhatjboss_remotingMatch2.2.2sp4

redhatjboss_remotingMatch2.2.2sp7

redhatjboss_remotingMatch2.2.2sp8

redhatjboss_remotingMatch2.2.3

redhatjboss_remotingMatch2.2.3sp1

redhatjboss_remotingMatch2.2.3sp2

redhatjboss_remotingMatch2.2.3sp3

AND

redhatjboss_enterprise_application_platformMatch4.3.0

redhatjboss_enterprise_application_platformMatch4.3.0cp01

redhatjboss_enterprise_application_platformMatch4.3.0cp02

redhatjboss_enterprise_application_platformMatch4.3.0cp03

redhatjboss_enterprise_application_platformMatch4.3.0cp04

redhatjboss_enterprise_application_platformMatch4.3.0cp05

redhatjboss_enterprise_application_platformMatch4.3.0cp06

redhatjboss_enterprise_application_platformMatch4.3.0cp07

redhatjboss_enterprise_application_platformMatch4.3.0cp08

redhatjboss_enterprise_application_platformMatch4.3.0cp09

redhatjboss_enterprise_application_platformMatch5.1.0

redhatjboss_enterprise_web_platformMatch5.1.0

CPENameOperatorVersion
redhat:jboss_remotingredhat jboss remotingeq2.2.0
redhat:jboss_remotingredhat jboss remotingeq2.2.2
redhat:jboss_remotingredhat jboss remotingeq2.2.3
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq4.3.0
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq5.1.0
redhat:jboss_enterprise_web_platformredhat jboss enterprise web platformeq5.1.0

CPE	Name	Operator	Version
redhat:jboss_remoting	redhat jboss remoting	eq	2.2.0
redhat:jboss_remoting	redhat jboss remoting	eq	2.2.2
redhat:jboss_remoting	redhat jboss remoting	eq	2.2.3
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	eq	4.3.0
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	eq	5.1.0
redhat:jboss_enterprise_web_platform	redhat jboss enterprise web platform	eq	5.1.0