7.5
CVE-2018-1041
- EPSS 14.13%
- Veröffentlicht 15.02.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:03
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jboss ≫ Jboss-remoting Version3.3.10
Redhat ≫ Jboss Enterprise Application Platform Version6.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 14.13% | 0.941 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.