Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2014-0086
Last Modified 31 Mar 2014 01:33:56
Published 31 Mar 2014 10:58:19
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-0086

Summary

The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.

Vulnerable Systems

Application

  • Redhat Jboss Web Framework Kit 2.5.0

  • Redhat Richfaces 4.3.4

  • Redhat Richfaces 4.3.5

  • Redhat Richfaces 5.0.0


References

CONFIRM - https://issues.jboss.org/browse/RF-13250

CONFIRM - https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1067268

SECUNIA - 57053


Last Updated: 27 May 2016 11:04:48