FKIE_CVE-2011-4610

Vulnerability from fkie_nvd - Published: 2014-02-10 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a "surrogate pair character" that is "at the boundary of an internal buffer."
References
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0074.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0075.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0076.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0077.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0078.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0325.html
secalert@redhat.comhttp://www.osvdb.org/78775
secalert@redhat.comhttp://www.securityfocus.com/bid/51829
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=767871Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0074.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0075.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0076.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0077.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0078.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0325.html
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/78775
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/51829
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=767871Vendor Advisory
Impacted products
Vendor Product Version
redhat jboss_communications_platform *
redhat jboss_enterprise_application_platform *
redhat jboss_enterprise_brms_platform *
redhat jboss_enterprise_web_platform *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_communications_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7736ACC-3D6C-470C-B51A-43D84906F675",
              "versionEndIncluding": "5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "861BBC47-6A47-4896-93B5-5009DFCFB8A1",
              "versionEndIncluding": "5.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C53057-A539-4ABC-99FF-78E90997B989",
              "versionEndIncluding": "5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA6234E2-8321-477B-AE6F-6F38B24D9082",
              "versionEndIncluding": "5.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a \"surrogate pair character\" that is \"at the boundary of an internal buffer.\""
    },
    {
      "lang": "es",
      "value": "JBoss Web, utilizado en Red Hat JBoss Communications Platform anterior a 5.1.3, Enterprise Web Platform anterior a 5.1.2, Enterprise Application Platform anterior a 5.1.2 y otros productos, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de vectores relacionados con un UTF-8 manipulado y un \"caracter de par subrogado\" que est\u00e1 \"en el l\u00edmite de un buffer interno.\""
    }
  ],
  "id": "CVE-2011-4610",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-02-10T23:55:04.713",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/78775"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/51829"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=767871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/78775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51829"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=767871"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.