7.5

CVE-2018-1041

Exploit

A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.

Data is provided by the National Vulnerability Database (NVD)
Jboss: Jboss-remoting, Version 3.3.10
Redhat: Jboss Enterprise Application Platform, Version 6.0.0
   Redhat: Linux, Version 5.0
   Redhat: Linux, Version 6.0
   Redhat: Linux, Version 7.0
Redhat: Jboss Enterprise Application Platform, Version 6.4.0
   Redhat: Linux, Version 5.0
   Redhat: Linux, Version 6.0
   Redhat: Linux, Version 7.0
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type  Source     Score   Percentile
EPSS  FIRST.org  14.13%  0.941
CVSS Metrics
Source        Base Score  Exploit Score  Impact Score  Vector string
nvd@nist.gov  7.5         3.9            3.6           CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov  5           10             2.9           AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.