CVE-2020-35510
Last modified
CVE-2020-35510 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. EPSS estimates a 1.09% chance of exploitation in the next 30 days.
Description
A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss-Remoting | < 5.0.20 |
| Redhat | Jboss-Remoting | 5.0.20 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1905796Issue Tracking, Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1905796Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-35510?
How severe is CVE-2020-35510?
How do I fix CVE-2020-35510?
Are you affected by CVE-2020-35510?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST