CVE-2018-1041 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Jboss	Jboss-Remoting	3.3.10
Redhat	Jboss Enterprise Application Platform	6.0.0
Redhat	Linux	5.0

Related Weaknesses (CWE)

CWE-835

References

http://www.securitytracker.com/id/1040323Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:0268Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0269Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0270Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0271Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0275Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1530457Issue TrackingVendor Advisory
https://www.exploit-db.com/exploits/44099/ExploitThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040323Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:0268Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0269Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0270Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0271Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0275Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1530457Issue TrackingVendor Advisory

FAQ

What is CVE-2018-1041?

CVE-2018-1041 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high...

How severe is CVE-2018-1041?

CVE-2018-1041 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1041?

Check the references section above for vendor advisories and patch information. Affected products include: Jboss Jboss-Remoting, Redhat Jboss Enterprise Application Platform, Redhat Linux.