Vulnerability Description
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Remoting | 2.2.0 |
| Redhat | Jboss Enterprise Application Platform | 4.3.0 |
| Redhat | Jboss Enterprise Web Platform | 5.1.0 |
References
- http://securitytracker.com/id?1024840
- http://www.redhat.com/support/errata/RHSA-2010-0964.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2010-0965.htmlVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=660623
- https://issues.jboss.org/browse/JBPAPP-5253
- https://issues.jboss.org/browse/JBREM-1261
- http://securitytracker.com/id?1024840
- http://www.redhat.com/support/errata/RHSA-2010-0964.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2010-0965.htmlVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=660623
- https://issues.jboss.org/browse/JBPAPP-5253
- https://issues.jboss.org/browse/JBREM-1261
FAQ
What is CVE-2010-4265?
CVE-2010-4265 is a vulnerability with a CVSS score of 2.6 (LOW). The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise A...
How severe is CVE-2010-4265?
CVE-2010-4265 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4265?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Remoting, Redhat Jboss Enterprise Application Platform, Redhat Jboss Enterprise Web Platform.