CVE-2014-0086

Exploit

EPSS 0.64%
Published 31.03.2014 14:58:19
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Jboss Web Framework Kit Version2.5.0

Redhat ≫ Richfaces Version4.3.4

Redhat ≫ Richfaces Version4.3.5

Redhat ≫ Richfaces Version5.0.0 Updatealpha1

Redhat ≫ Richfaces Version5.0.0 Updatealpha2

Redhat ≫ Richfaces Version5.0.0 Updatealpha3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.64%	0.681

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2014-0335.html

http://secunia.com/advisories/57053

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1067268

https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757

Patch

Exploit

https://issues.jboss.org/browse/RF-13250

Patch

https://nvd.nist.gov/vuln/detail/CVE-2014-0086

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0086

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0086

EUVD