Uploaded image for project: 'JBoss Remoting (3+)'
  1. JBoss Remoting (3+)
  2. REM3-379

CVE-2020-35510 Threads hold up forever in the EJB server by suppressing the ack from an EJB client

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 5.1.0.Final, 5.0.22.Final
    • None
    • None

      A flaw was found in JBoss Remoting. When a malicious attacker could cause threads holding up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ack messages, or just tamper with jboss-remoting code, deleting the lines that send the ack message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.

      CVE Info: https://access.redhat.com/security/cve/cve-2020-35510

              flaviarnn Flavia Rainone
              flaviarnn Flavia Rainone
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: