Uploaded image for project: 'JBoss Remoting (3+)'
  1. JBoss Remoting (3+)
  2. REM3-379

CVE-2020-35510 Threads hold up forever in the EJB server by suppressing the ack from an EJB client

    XMLWordPrintable

Details

    Description

      A flaw was found in JBoss Remoting. When a malicious attacker could cause threads holding up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ack messages, or just tamper with jboss-remoting code, deleting the lines that send the ack message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.

      CVE Info: https://access.redhat.com/security/cve/cve-2020-35510

      Attachments

        Issue Links

          Activity

            People

              flaviarnn Flavia Rainone
              flaviarnn Flavia Rainone
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: