CVE-2010-3862

The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:N/A:P

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.redhat.com/support/errata/RHSA-2010-0937.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0938.html	Vendor Advisory
http://securitytracker.com/id?1024813
http://www.redhat.com/support/errata/RHSA-2010-0963.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0961.html	Vendor Advisory
https://issues.jboss.org/browse/JBREM-1261
http://www.redhat.com/support/errata/RHSA-2010-0939.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0960.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0959.html	Vendor Advisory
https://issues.jboss.org/browse/JBPAPP-5253
https://bugzilla.redhat.com/show_bug.cgi?id=641389	Patch
http://www.redhat.com/support/errata/RHSA-2010-0962.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp10::::::
	cpe:2.3:a:redhat:jboss_remoting:2.2.3:::::::*
	cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp2::::::
	cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp4::::::
	cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp7::::::
	cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp8::::::
	cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp2::::::
	cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp3::::::
	cpe:2.3:a:redhat:jboss_remoting:2.2.0:::::::*
	cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp11::::::
	cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp1::::::

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp07::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp08::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp09::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04::::::

Information

Published : 2010-12-30 13:00

Updated : 2010-12-30 21:00

NVD link : CVE-2010-3862

Mitre link : CVE-2010-3862

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

redhat

jboss_enterprise_application_platform
jboss_enterprise_web_platform
jboss_remoting

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.redhat.com/support/errata/RHSA-2010-0937.html", "name": "RHSA-2010:0937", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0938.html", "name": "RHSA-2010:0938", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://securitytracker.com/id?1024813", "name": "1024813", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0963.html", "name": "RHSA-2010:0963", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0961.html", "name": "RHSA-2010:0961", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://issues.jboss.org/browse/JBREM-1261", "name": "https://issues.jboss.org/browse/JBREM-1261", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0939.html", "name": "RHSA-2010:0939", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0960.html", "name": "RHSA-2010:0960", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0959.html", "name": "RHSA-2010:0959", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "https://issues.jboss.org/browse/JBPAPP-5253", "name": "https://issues.jboss.org/browse/JBPAPP-5253", "tags": [], "refsource": "MISC"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=641389", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=641389", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0962.html", "name": "RHSA-2010:0962", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-3862", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-12-30T21:00Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_remoting:2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp07:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp08:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp09:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-12-31T05:00Z"}

2.6 /10