All the vulnerabilites related to redhat - jboss_remoting
cve-2010-4265
Vulnerability from cvelistv5
Published
2010-12-30 20:00
Modified
2024-08-07 03:43
Severity ?
EPSS score ?
Summary
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier.
References
| ▼ | URL | Tags |
|---|---|---|
| https://issues.jboss.org/browse/JBPAPP-5253 | x_refsource_MISC | |
| http://securitytracker.com/id?1024840 | vdb-entry, x_refsource_SECTRACK | |
| https://issues.jboss.org/browse/JBREM-1261 | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2010-0965.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2010-0964.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=660623 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:13.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.jboss.org/browse/JBPAPP-5253"
},
{
"name": "1024840",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024840"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.jboss.org/browse/JBREM-1261"
},
{
"name": "RHSA-2010:0965",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0965.html"
},
{
"name": "RHSA-2010:0964",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0964.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=660623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-30T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.jboss.org/browse/JBPAPP-5253"
},
{
"name": "1024840",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024840"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.jboss.org/browse/JBREM-1261"
},
{
"name": "RHSA-2010:0965",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0965.html"
},
{
"name": "RHSA-2010:0964",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0964.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=660623"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4265",
"datePublished": "2010-12-30T20:00:00Z",
"dateReserved": "2010-11-16T00:00:00Z",
"dateUpdated": "2024-08-07T03:43:13.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3862
Vulnerability from cvelistv5
Published
2010-12-30 20:00
Modified
2024-08-07 03:26
Severity ?
EPSS score ?
Summary
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:26:11.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.jboss.org/browse/JBPAPP-5253"
},
{
"name": "RHSA-2010:0938",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0938.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=641389"
},
{
"name": "RHSA-2010:0960",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0960.html"
},
{
"name": "RHSA-2010:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0959.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.jboss.org/browse/JBREM-1261"
},
{
"name": "RHSA-2010:0937",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0937.html"
},
{
"name": "RHSA-2010:0961",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0961.html"
},
{
"name": "RHSA-2010:0962",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0962.html"
},
{
"name": "RHSA-2010:0939",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0939.html"
},
{
"name": "RHSA-2010:0963",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0963.html"
},
{
"name": "1024813",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024813"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-30T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.jboss.org/browse/JBPAPP-5253"
},
{
"name": "RHSA-2010:0938",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0938.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=641389"
},
{
"name": "RHSA-2010:0960",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0960.html"
},
{
"name": "RHSA-2010:0959",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0959.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.jboss.org/browse/JBREM-1261"
},
{
"name": "RHSA-2010:0937",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0937.html"
},
{
"name": "RHSA-2010:0961",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0961.html"
},
{
"name": "RHSA-2010:0962",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0962.html"
},
{
"name": "RHSA-2010:0939",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0939.html"
},
{
"name": "RHSA-2010:0963",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0963.html"
},
{
"name": "1024813",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024813"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3862",
"datePublished": "2010-12-30T20:00:00Z",
"dateReserved": "2010-10-08T00:00:00Z",
"dateUpdated": "2024-08-07T03:26:11.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2010-12-30 21:00
Modified
2024-11-21 01:19
Severity ?
Summary
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_remoting | 2.2.0 | |
| redhat | jboss_remoting | 2.2.2 | |
| redhat | jboss_remoting | 2.2.2 | |
| redhat | jboss_remoting | 2.2.2 | |
| redhat | jboss_remoting | 2.2.2 | |
| redhat | jboss_remoting | 2.2.2 | |
| redhat | jboss_remoting | 2.2.2 | |
| redhat | jboss_remoting | 2.2.3 | |
| redhat | jboss_remoting | 2.2.3 | |
| redhat | jboss_remoting | 2.2.3 | |
| redhat | jboss_remoting | 2.2.3 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 5.1.0 | |
| redhat | jboss_enterprise_web_platform | 5.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73CE9D33-C47B-4781-98CF-39F47D5C6E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp10:*:*:*:*:*:*",
"matchCriteriaId": "47DAB8A9-8051-4F3A-BE0B-C25274569A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp11:*:*:*:*:*:*",
"matchCriteriaId": "B0366492-7A9C-4EFB-8376-0872255E0818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A3EACF37-083A-4A13-BAD0-92ED94A412EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp4:*:*:*:*:*:*",
"matchCriteriaId": "AA1C34A8-4B0C-4F2D-B0EF-BD5511CE679D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp7:*:*:*:*:*:*",
"matchCriteriaId": "C7CBE5D3-BDDB-4C1D-B0A2-DDDF3C80D1B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp8:*:*:*:*:*:*",
"matchCriteriaId": "9C236E4B-9DCC-474D-90D0-2C61DE0C66E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6135AFA9-415D-4438-AFD6-829F457EDA35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5991E822-E554-497A-9693-D0F3239ADC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EC3696E9-2702-41E4-9566-B55A6BEE9E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp3:*:*:*:*:*:*",
"matchCriteriaId": "21819E6B-4EFF-4832-AF46-751E9B964A91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E82B2AD8-967D-4ABE-982B-87B9DE73F8D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*",
"matchCriteriaId": "2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*",
"matchCriteriaId": "960A513A-CAFC-4B3D-ABD7-4659CF545C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*",
"matchCriteriaId": "C2D8DC6D-5E39-4A53-8BB8-F998706D573F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*",
"matchCriteriaId": "3AA2D64E-D7E7-400D-AC7E-CB2045750791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*",
"matchCriteriaId": "197F047B-E11C-4B79-B6C4-79B2C278A33F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*",
"matchCriteriaId": "CCE383FE-3C03-4B4F-A2E6-AD673F8A44FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp07:*:*:*:*:*:*",
"matchCriteriaId": "62A85D7D-B60A-4566-BA4B-2F74E452C4EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp08:*:*:*:*:*:*",
"matchCriteriaId": "08103F7B-E6BD-4688-B178-F4839B1CD434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp09:*:*:*:*:*:*",
"matchCriteriaId": "FA7424BA-1E18-4267-9697-F4560BE75359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "972C5C87-E982-44A5-866D-FDEACB5203B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC20F443-4918-46D2-8251-1C8F072B7733",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data."
},
{
"lang": "es",
"value": "El m\u00e9todo org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run en JBoss Remoting 2.2.x anteriores a 2.2.3.SP4 y 2.5.x anteriores a 2.5.3.SP2 de la plataforma de aplicaciones Red Hat JBoss Enterprise (JBoss EAP o JBEAP) 4.3 hasta la 4.3.0.CP09 y 5.1.0; y plataforma web JBoss Enterprise (JBEWP) 5.1.0; permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) estableciendo una sesi\u00f3n TCP de conexi\u00f3n de control bisocket, y a continuaci\u00f3n no enviando ning\u00fan dato de aplicaci\u00f3n."
}
],
"id": "CVE-2010-3862",
"lastModified": "2024-11-21T01:19:46.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-30T21:00:01.330",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1024813"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0937.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0938.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0939.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0959.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0960.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0961.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0962.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0963.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=641389"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.jboss.org/browse/JBPAPP-5253"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.jboss.org/browse/JBREM-1261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1024813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0937.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0938.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0939.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0959.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0960.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0961.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0962.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0963.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=641389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.jboss.org/browse/JBPAPP-5253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.jboss.org/browse/JBREM-1261"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-30 21:00
Modified
2024-11-21 01:20
Severity ?
Summary
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_remoting | 2.2.0 | |
| redhat | jboss_remoting | 2.2.2 | |
| redhat | jboss_remoting | 2.2.2 | |
| redhat | jboss_remoting | 2.2.2 | |
| redhat | jboss_remoting | 2.2.2 | |
| redhat | jboss_remoting | 2.2.2 | |
| redhat | jboss_remoting | 2.2.2 | |
| redhat | jboss_remoting | 2.2.3 | |
| redhat | jboss_remoting | 2.2.3 | |
| redhat | jboss_remoting | 2.2.3 | |
| redhat | jboss_remoting | 2.2.3 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 5.1.0 | |
| redhat | jboss_enterprise_web_platform | 5.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73CE9D33-C47B-4781-98CF-39F47D5C6E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp10:*:*:*:*:*:*",
"matchCriteriaId": "47DAB8A9-8051-4F3A-BE0B-C25274569A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp11:*:*:*:*:*:*",
"matchCriteriaId": "B0366492-7A9C-4EFB-8376-0872255E0818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A3EACF37-083A-4A13-BAD0-92ED94A412EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp4:*:*:*:*:*:*",
"matchCriteriaId": "AA1C34A8-4B0C-4F2D-B0EF-BD5511CE679D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp7:*:*:*:*:*:*",
"matchCriteriaId": "C7CBE5D3-BDDB-4C1D-B0A2-DDDF3C80D1B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp8:*:*:*:*:*:*",
"matchCriteriaId": "9C236E4B-9DCC-474D-90D0-2C61DE0C66E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6135AFA9-415D-4438-AFD6-829F457EDA35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5991E822-E554-497A-9693-D0F3239ADC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EC3696E9-2702-41E4-9566-B55A6BEE9E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp3:*:*:*:*:*:*",
"matchCriteriaId": "21819E6B-4EFF-4832-AF46-751E9B964A91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E82B2AD8-967D-4ABE-982B-87B9DE73F8D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*",
"matchCriteriaId": "2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*",
"matchCriteriaId": "960A513A-CAFC-4B3D-ABD7-4659CF545C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*",
"matchCriteriaId": "C2D8DC6D-5E39-4A53-8BB8-F998706D573F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*",
"matchCriteriaId": "3AA2D64E-D7E7-400D-AC7E-CB2045750791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*",
"matchCriteriaId": "197F047B-E11C-4B79-B6C4-79B2C278A33F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*",
"matchCriteriaId": "CCE383FE-3C03-4B4F-A2E6-AD673F8A44FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp07:*:*:*:*:*:*",
"matchCriteriaId": "62A85D7D-B60A-4566-BA4B-2F74E452C4EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp08:*:*:*:*:*:*",
"matchCriteriaId": "08103F7B-E6BD-4688-B178-F4839B1CD434",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp09:*:*:*:*:*:*",
"matchCriteriaId": "FA7424BA-1E18-4267-9697-F4560BE75359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "972C5C87-E982-44A5-866D-FDEACB5203B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC20F443-4918-46D2-8251-1C8F072B7733",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier."
},
{
"lang": "es",
"value": "El m\u00e9todo org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run de JBoss Remoting 2.2.x anteriores a 2.2.3.SP4 y 2.5.x anteriores a 2.5.3.SP2 de la plataforma de aplicaciones Red Hat JBoss Enterprise (JBoss EAP o JBEAP) 4.3 hasta la 4.3.0.CP09 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) estableciendo un sesi\u00f3n TCP de conexi\u00f3n de control bisocket, y no enviando ning\u00fan dato de aplicaci\u00f3n. Vulnerabilidad relacionada con un parche olvidado de CVE-2010-3862. NOTA: puede ser considerada un duplicado del CVE-2010-3862 porque un parche olvidado no deber\u00eda tener asignado un identificador CVE."
}
],
"id": "CVE-2010-4265",
"lastModified": "2024-11-21T01:20:34.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-30T21:00:02.017",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1024840"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0964.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0965.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=660623"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.jboss.org/browse/JBPAPP-5253"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.jboss.org/browse/JBREM-1261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1024840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0964.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0965.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=660623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.jboss.org/browse/JBPAPP-5253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.jboss.org/browse/JBREM-1261"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}