- Bug
- Resolution: Done
- Major
A flaw was found in JBoss Remoting. A malicious attacker could cause threads to hang forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request but omitting the ack messages, or by tampering with the jboss-remoting code and deleting the lines that send the ack message from the EJB client code, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE Info: https://access.redhat.com/security/cve/cve-2020-35510
- causes
  - REM3-387 IOException with message ack timeout expired before timeout has elapsed (Resolved)
- is incorporated by
  - JBEAP-21961 [GSS](7.4.z) Upgrade remoting from 5.0.20.SP1-redhat-00001 to 5.0.23.SP1-redhat-00001 (Closed)
  - WFCORE-5423 Upgrade remoting from 5.0.21.Final to 5.0.23.Final (fixes CVE-2020-35510) (Closed)
- is related to
  - REM3-388 Move ACK_TIMEOUT to nanoseconds (Resolved)
- links to