Lucene search

Veracode Vulnerability DatabaseVERACODE:25955

HistoryJul 25, 2020 - 4:10 a.m.

Denial Of Service (DoS)

2020-07-2504:10:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON

jboss-ejb-client wildfly is vulnerable to denial of serivce (DoS). The vulnerability is caused by certain EJB transaction objects being accumulated.

CPENameOperatorVersion
eap7-wildflyeq7.1.3__4.GA_redhat_3.1.ep7.el7
eap7-wildflyeq7.0.6__4.GA_redhat_2.1.ep7.el6
eap7-wildflyeq7.0.9__4.GA_redhat_3.1.ep7.el6
eap7-wildflyeq7.0.7__4.GA_redhat_3.1.ep7.el7
eap7-wildflyeq7.1.3__2.GA_redhat_2.1.ep7.el6
eap7-wildflyeq7.1.3__4.GA_redhat_3.1.ep7.el6
eap7-wildflyeq7.0.0__19.GA_redhat_3.1.ep7.el6
eap7-wildflyeq7.0.2__2.GA_redhat_1.1.ep7.el6
eap7-wildflyeq7.0.7__4.GA_redhat_3.1.ep7.el6
eap7-wildflyeq7.1.2__1.GA_redhat_1.1.ep7.el6

Name	Operator	Version
eap7-wildfly	eq	7.1.3__4.GA_redhat_3.1.ep7.el7
eap7-wildfly	eq	7.0.6__4.GA_redhat_2.1.ep7.el6
eap7-wildfly	eq	7.0.9__4.GA_redhat_3.1.ep7.el6
eap7-wildfly	eq	7.0.7__4.GA_redhat_3.1.ep7.el7
eap7-wildfly	eq	7.1.3__2.GA_redhat_2.1.ep7.el6
eap7-wildfly	eq	7.1.3__4.GA_redhat_3.1.ep7.el6
eap7-wildfly	eq	7.0.0__19.GA_redhat_3.1.ep7.el6
eap7-wildfly	eq	7.0.2__2.GA_redhat_1.1.ep7.el6
eap7-wildfly	eq	7.0.7__4.GA_redhat_3.1.ep7.el6
eap7-wildfly	eq	7.1.2__1.GA_redhat_1.1.ep7.el6

Rows per page:

1-10 of 21241

References

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

access.redhat.com/errata/RHSA-2020:3141

access.redhat.com/errata/RHSA-2020:3142

access.redhat.com/errata/RHSA-2020:3143

access.redhat.com/errata/RHSA-2020:3144

access.redhat.com/errata/RHSA-2020:3461

access.redhat.com/errata/RHSA-2020:3462

access.redhat.com/errata/RHSA-2020:3463

access.redhat.com/errata/RHSA-2020:3464

access.redhat.com/errata/RHSA-2020:3501

access.redhat.com/errata/RHSA-2020:3539

access.redhat.com/errata/RHSA-2020:3637

access.redhat.com/errata/RHSA-2020:3638

access.redhat.com/errata/RHSA-2020:3639

access.redhat.com/errata/RHSA-2020:3642

access.redhat.com/errata/RHSA-2020:3817

access.redhat.com/errata/RHSA-2021:3140

access.redhat.com/security/cve/CVE-2020-14297

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1853595

bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON

Related for VERACODE:25955