CVE-2011-4610

2014-02-1023:55:00

CWE-119

[email protected]

web.nvd.nist.gov

jboss web

red hat jboss communications platform

enterprise web platform

enterprise application platform

denial of service

cve-2011-4610

nvd

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON

JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a “surrogate pair character” that is “at the boundary of an internal buffer.”

CPENameOperatorVersion
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformle5.1.2
redhat:jboss_enterprise_brms_platformredhat jboss enterprise brms platformle5.1.0
redhat:jboss_communications_platformredhat jboss communications platformle5.1
redhat:jboss_enterprise_web_platformredhat jboss enterprise web platformle5.1.2

CPE	Name	Operator	Version
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	le	5.1.2
redhat:jboss_enterprise_brms_platform	redhat jboss enterprise brms platform	le	5.1.0
redhat:jboss_communications_platform	redhat jboss communications platform	le	5.1
redhat:jboss_enterprise_web_platform	redhat jboss enterprise web platform	le	5.1.2