Vulnerability Description
JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a "surrogate pair character" that is "at the boundary of an internal buffer."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Communications Platform | <= 5.1 |
| Redhat | Jboss Enterprise Application Platform | <= 5.1.2 |
| Redhat | Jboss Enterprise Brms Platform | <= 5.1.0 |
| Redhat | Jboss Enterprise Web Platform | <= 5.1.2 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2012-0074.html
- http://rhn.redhat.com/errata/RHSA-2012-0075.html
- http://rhn.redhat.com/errata/RHSA-2012-0076.html
- http://rhn.redhat.com/errata/RHSA-2012-0077.html
- http://rhn.redhat.com/errata/RHSA-2012-0078.html
- http://rhn.redhat.com/errata/RHSA-2012-0325.html
- http://www.osvdb.org/78775
- http://www.securityfocus.com/bid/51829
- https://bugzilla.redhat.com/show_bug.cgi?id=767871Vendor Advisory
- http://rhn.redhat.com/errata/RHSA-2012-0074.html
- http://rhn.redhat.com/errata/RHSA-2012-0075.html
- http://rhn.redhat.com/errata/RHSA-2012-0076.html
- http://rhn.redhat.com/errata/RHSA-2012-0077.html
- http://rhn.redhat.com/errata/RHSA-2012-0078.html
- http://rhn.redhat.com/errata/RHSA-2012-0325.html
FAQ
What is CVE-2011-4610?
CVE-2011-4610 is a vulnerability with a CVSS score of 5.0 (MEDIUM). JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attacker...
How severe is CVE-2011-4610?
CVE-2011-4610 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4610?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Communications Platform, Redhat Jboss Enterprise Application Platform, Redhat Jboss Enterprise Brms Platform, Redhat Jboss Enterprise Web Platform.