The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x prior to 2.2.3.SP4 and 2.5.x prior to 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 up to and including 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote malicious users to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
redhat jboss_remoting 2.2.2 |
||
redhat jboss_remoting 2.2.3 |
||
redhat jboss_remoting 2.2.0 |
||
redhat jboss_enterprise_application_platform 4.3.0 |
||
redhat jboss_enterprise_application_platform 5.1.0 |
||
redhat jboss_enterprise_web_platform 5.1.0 |
Vulmon