CVE-2014-0193
A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service.
Find out more about CVE-2014-0193 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 4.3 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss Portal 6.2 | RHSA-2015:1009 | 2015-05-14 |
| Red Hat JBoss Fuse Service Works 6.0 | RHSA-2015:0720 | 2015-03-24 |
| Red Hat JBoss BPMS 6.0 | RHSA-2015:0234 | 2015-02-17 |
| Red Hat JBoss Enterprise Application Platform 6.3 | RHSA-2014:1021 | 2014-08-06 |
| Red Hat JBoss BRMS 6.0 | RHSA-2014:0818 | 2014-06-30 |
| Red Hat JBoss Data Virtualization 6.0 | RHSA-2015:0765 | 2015-03-31 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server (netty) | RHSA-2014:1019 | 2014-08-06 |
| Red Hat JBoss Fuse 6.1 | RHSA-2014:1351 | 2014-10-01 |
| Red Hat JBoss A-MQ 6.1 | RHSA-2014:1351 | 2014-10-01 |
| Red Hat JBoss Data Virtualization 6.1 | RHSA-2015:0675 | 2015-03-11 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server (netty) | RHSA-2014:1020 | 2014-08-06 |
| Red Hat JBoss Operations Network 3.2 | RHSA-2014:0910 | 2014-07-21 |
| Red Hat JBoss BRMS 6.0 | RHSA-2015:0235 | 2015-02-17 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Subscription Asset Manager 1 | netty | Will not fix |
| Red Hat Satellite 6 | netty | Fix deferred |
| Red Hat JBoss Portal 5 | netty | Will not fix |
| Red Hat JBoss Enterprise SOA Platform 5 | netty | Will not fix |
| Red Hat JBoss EAP 5 | netty | Will not fix |
| Red Hat JBoss Data Grid 6 | netty | Not affected |
| Red Hat JBoss BRMS 5 | netty | Will not fix |