4.3

CVE-2014-0086

Exploit
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatJboss Web Framework Kit Version2.5.0
RedhatRichfaces Version4.3.4
RedhatRichfaces Version4.3.5
RedhatRichfaces Version5.0.0 Updatealpha1
RedhatRichfaces Version5.0.0 Updatealpha2
RedhatRichfaces Version5.0.0 Updatealpha3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.46% 0.704
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2014-0335.html
http://secunia.com/advisories/57053
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1067268
https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757
Patch
Exploit
https://issues.jboss.org/browse/RF-13250
Patch