Lucene search

Veracode Vulnerability DatabaseVERACODE:25956

HistoryJul 25, 2020 - 4:15 a.m.

Denial Of Service (DoS)

2020-07-2504:15:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON

jboss-ejb-client is vulnerable to denial of service. The EJB SessionOpenInvocations may not be removed properly after a response is received, potentially allowing an attacker to cause a denial of service condition.

CPENameOperatorVersion
eap7-wildfly-http-clienteq1.0.20__1.Final_redhat_00001.1.el8eap
eap7-wildfly-http-clienteq1.0.18__2.Final_redhat_00001.1.el7eap
eap7-wildfly-http-clienteq1.0.17__1.Final_redhat_00001.1.el7eap
eap7-wildfly-http-clienteq1.0.20__1.Final_redhat_00001.1.el7eap
eap7-wildfly-http-clienteq1.0.15__1.Final_redhat_00001.1.el7eap
eap7-wildfly-http-clienteq1.0.17__1.Final_redhat_00001.1.el8eap
eap7-wildfly-http-clienteq1.0.18__2.Final_redhat_00001.1.el8eap
eap7-wildfly-http-clienteq1.0.9__1.Final_redhat_1.1.ep7.el6
eap7-wildfly-http-clienteq1.0.21__1.Final_redhat_00001.1.el7eap
eap7-wildfly-http-clienteq1.0.8__1.Final_redhat_1.1.ep7.el6

Name	Operator	Version
eap7-wildfly-http-client	eq	1.0.20__1.Final_redhat_00001.1.el8eap
eap7-wildfly-http-client	eq	1.0.18__2.Final_redhat_00001.1.el7eap
eap7-wildfly-http-client	eq	1.0.17__1.Final_redhat_00001.1.el7eap
eap7-wildfly-http-client	eq	1.0.20__1.Final_redhat_00001.1.el7eap
eap7-wildfly-http-client	eq	1.0.15__1.Final_redhat_00001.1.el7eap
eap7-wildfly-http-client	eq	1.0.17__1.Final_redhat_00001.1.el8eap
eap7-wildfly-http-client	eq	1.0.18__2.Final_redhat_00001.1.el8eap
eap7-wildfly-http-client	eq	1.0.9__1.Final_redhat_1.1.ep7.el6
eap7-wildfly-http-client	eq	1.0.21__1.Final_redhat_00001.1.el7eap
eap7-wildfly-http-client	eq	1.0.8__1.Final_redhat_1.1.ep7.el6

Rows per page:

1-10 of 21241

References

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

access.redhat.com/errata/RHSA-2020:3141

access.redhat.com/errata/RHSA-2020:3142

access.redhat.com/errata/RHSA-2020:3143

access.redhat.com/errata/RHSA-2020:3144

access.redhat.com/errata/RHSA-2020:3461

access.redhat.com/errata/RHSA-2020:3462

access.redhat.com/errata/RHSA-2020:3463

access.redhat.com/errata/RHSA-2020:3464

access.redhat.com/errata/RHSA-2020:3501

access.redhat.com/errata/RHSA-2020:3539

access.redhat.com/errata/RHSA-2020:3637

access.redhat.com/errata/RHSA-2020:3638

access.redhat.com/errata/RHSA-2020:3639

access.redhat.com/errata/RHSA-2020:3642

access.redhat.com/errata/RHSA-2020:3817

access.redhat.com/security/cve/CVE-2020-14307

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1851327

bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14307

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON

Related for VERACODE:25956