CVE-2016-2094

Impact: Moderate
Public Date: 2016-02-17
CWE: CWE-358
Bugzilla: 1308465: CVE-2016-2094 EAP: HTTPS NIO connector uses no timeout when reading SSL handshake from client
A read-timeout flaw was found in the HTTPS NIO Connector handling of SSL handshakes. A remote, unauthenticated attacker could create a socket and cause a thread to remain occupied indefinitely so long as the socket remained open (denial of service).
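The class of fix for a flaw like this is to put the handshake read under one overall deadline, so that a silent or slow peer is dropped and the worker is released. The sketch below is an added illustration in Python, not code from Red Hat or JBoss EAP; the function names and the 5-second default are assumptions made for the example.

```python
import socket
import time

TLS_HANDSHAKE = 0x16   # TLS record content type for handshake messages
MAX_RECORD = 16384     # TLS plaintext record limit (2^14 bytes)

class HandshakeTimeout(Exception):
    """Peer did not deliver a complete handshake record before the deadline."""

def _read_exact(sock, n, deadline):
    """Read exactly n bytes, charging every recv() against one shared deadline."""
    buf = bytearray()
    while len(buf) < n:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise HandshakeTimeout("handshake deadline exceeded")
        # Shrinking timeout: a peer that drips single bytes cannot reset the clock.
        sock.settimeout(remaining)
        try:
            chunk = sock.recv(n - len(buf))
        except socket.timeout:
            raise HandshakeTimeout("handshake deadline exceeded") from None
        if not chunk:
            raise ConnectionError("peer closed before handshake completed")
        buf += chunk
    return bytes(buf)

def read_first_handshake_record(sock, timeout_s=5.0):
    """Return the body of the first TLS record, or raise if it is late or malformed."""
    deadline = time.monotonic() + timeout_s
    header = _read_exact(sock, 5, deadline)          # type, version (2), length (2)
    length = int.from_bytes(header[3:5], "big")
    if header[0] != TLS_HANDSHAKE or length == 0 or length > MAX_RECORD:
        raise ValueError("not a TLS handshake record")
    return _read_exact(sock, length, deadline)

def handle(sock, timeout_s=5.0):
    """Worker entry point: always closes the socket, so the worker is freed."""
    try:
        read_first_handshake_record(sock, timeout_s)
        return "ok"
    except HandshakeTimeout:
        return "timeout"
    except (ConnectionError, ValueError):
        return "rejected"
    finally:
        sock.close()
```

A per-`recv()` timeout alone is not enough, because each delivered byte would restart it; the shared deadline bounds the total time a connection can occupy a worker before the handshake completes.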

Find out more about CVE-2016-2094 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 5
Base Metrics: AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server (jboss-ec2-eap) RHSA-2016:0598 2016-04-05
Red Hat JBoss Enterprise Application Platform 6.4 RHSA-2016:0599 2016-04-05
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server RHSA-2016:0596 2016-04-05
Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 7 Server RHSA-2016:0597 2016-04-05
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server RHSA-2016:0595 2016-04-05

Acknowledgements

This issue was discovered by Aaron Ogburn of Red Hat.