CVE-2018-1041

EPSS 15.8%CWE-835

A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.

Productos afectados

Red Hat, Inc. · jboss-remoting

PoCs públicas encontradas — 2

cve_referencewww.exploit-db.com/exploits/44099/no verificado exploitdbwww.exploit-db.com/exploits/44099no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/errata/RHSA-2018:0268 https://access.redhat.com/errata/RHSA-2018:0269 https://access.redhat.com/errata/RHSA-2018:0270 https://access.redhat.com/errata/RHSA-2018:0271 https://access.redhat.com/errata/RHSA-2018:0275 https://bugzilla.redhat.com/show_bug.cgi?id=1530457 https://www.exploit-db.com/exploits/44099/http://www.securitytracker.com/id/1040323