CVE-2010-3862
The MITRE CVE dictionary describes this issue as:
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data.
Find out more about CVE-2010-3862 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 2.6 |
|---|---|
| Base Metrics | AV:N/AC:H/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server | RHSA-2010:0960 | 2010-12-08 |
| Red Hat JBoss Web Platform 5 for RHEL 4 AS | RHSA-2010:0961 | 2010-12-08 |
| Red Hat JBoss Enterprise Application Platform 5.1 | RHSA-2010:0963 | 2010-12-08 |
| Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS | RHSA-2010:0937 | 2010-12-01 |
| Red Hat JBoss Enterprise Application Platform 4.3 | RHSA-2010:0939 | 2010-12-01 |
| Red Hat JBoss Web Platform 5 for RHEL 5 Server | RHSA-2010:0961 | 2010-12-08 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS | RHSA-2010:0959 | 2010-12-08 |
| Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server | RHSA-2010:0938 | 2010-12-01 |
| Red Hat JBoss Web Platform 5.1 | RHSA-2010:0962 | 2010-12-08 |
Acknowledgements
Red Hat would like to thank Ole Husgaard of eXerp.com for reporting this issue.CVE description copyright © 2017, The MITRE Corporation