Red Hat JBoss-remoting 3.3.10

CPE Details

Red Hat JBoss-remoting 3.3.10
redhat
jboss-remoting
3.3.10
2018-03-08
02h11 +00:00
2021-04-15
14h35 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:jboss-remoting:3.3.10:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

jboss-remoting

Version

3.3.10

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-35510 2021-06-02 11h22 +00:00 A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.
5.9
Medium
CVE-2019-19343 2021-03-23 19h23 +00:00 A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.
7.5
High