Vulnerability Description
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss Web Framework Kit | 2.5.0 |
| Red Hat | RichFaces | 4.3.4 |
References
- http://rhn.redhat.com/errata/RHSA-2014-0335.html
- http://secunia.com/advisories/57053 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1067268
- https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757 (Exploit, Patch)
- https://issues.jboss.org/browse/RF-13250 (Patch)
FAQ
What is CVE-2014-0086?
CVE-2014-0086 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a ...
How severe is CVE-2014-0086?
CVE-2014-0086 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0086?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat JBoss Web Framework Kit, Red Hat RichFaces.