7.5

CVE-2018-1041

Exploit
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JbossJboss-remoting Version3.3.10
RedhatJboss Enterprise Application Platform Version6.0.0
   RedhatLinux Version5.0
   RedhatLinux Version6.0
   RedhatLinux Version7.0
RedhatJboss Enterprise Application Platform Version6.4.0
   RedhatLinux Version5.0
   RedhatLinux Version6.0
   RedhatLinux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.81% 0.965
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://access.redhat.com/errata/RHSA-2018:0268
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0269
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0270
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0271
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0275
Vendor Advisory
http://www.securitytracker.com/id/1040323
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1530457
Vendor Advisory
Issue Tracking
https://www.exploit-db.com/exploits/44099/
Third Party Advisory
Exploit
VDB Entry