ubuntucve | Ubuntu.com | UB:CVE-2010-4265
Dec 30, 2010 - 12:00 a.m.

CVE-2010-4265

CVSS2: 2.6 Low

Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

EPSS: 0.036 Low
Percentile: 91.6%

The
org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run
method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2
in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP)
4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service
(daemon outage) by establishing a bisocket control connection TCP session,
and then not sending any application data, related to a missing
CVE-2010-3862 patch. NOTE: this can be considered a duplicate of
CVE-2010-3862 because a missing patch should not be assigned a separate CVE
identifier.

Notes

Author: mdeslaur
Note: probably RH specific as it’s a missing patch for CVE-2010-3862
