jboss-remoting is vulnerable to denial of service. An insecure implementation of the org.jboss.remoting.transport.socket.ServerThread
class allows a remote attacker to exhaust all available file descriptors on the target server and deny all subsequent connections. In order for this vulnerability to be exploited, the remoting port must be accessible directly or indirectly.
rhn.redhat.com/errata/RHSA-2013-1369.html
rhn.redhat.com/errata/RHSA-2013-1370.html
rhn.redhat.com/errata/RHSA-2013-1371.html
rhn.redhat.com/errata/RHSA-2013-1372.html
rhn.redhat.com/errata/RHSA-2013-1373.html
rhn.redhat.com/errata/RHSA-2013-1374.html
rhn.redhat.com/errata/RHSA-2013-1448.html
access.redhat.com/security/updates/classification/#moderate
rhn.redhat.com/errata/RHSA-2013-1369.html