CVE-2014-0086

Exploit

EPSS 0.64%
Veröffentlicht 31.03.2014 14:58:19
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Jboss Web Framework Kit Version2.5.0

Redhat ≫ Richfaces Version4.3.4

Redhat ≫ Richfaces Version4.3.5

Redhat ≫ Richfaces Version5.0.0 Updatealpha1

Redhat ≫ Richfaces Version5.0.0 Updatealpha2

Redhat ≫ Richfaces Version5.0.0 Updatealpha3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.681

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2014-0335.html

http://secunia.com/advisories/57053

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1067268

https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757

Patch

Exploit

https://issues.jboss.org/browse/RF-13250

Patch

https://nvd.nist.gov/vuln/detail/CVE-2014-0086

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0086

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0086

EUVD