Vulnerability Details CVE-2016-2094
The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://rhn.redhat.com/errata/RHSA-2016-0595.html
- http://rhn.redhat.com/errata/RHSA-2016-0596.html
- http://rhn.redhat.com/errata/RHSA-2016-0597.html
- http://rhn.redhat.com/errata/RHSA-2016-0598.html
- http://rhn.redhat.com/errata/RHSA-2016-0599.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1308465
- http://rhn.redhat.com/errata/RHSA-2016-0595.html
- http://rhn.redhat.com/errata/RHSA-2016-0596.html
- http://rhn.redhat.com/errata/RHSA-2016-0597.html
- http://rhn.redhat.com/errata/RHSA-2016-0598.html
- http://rhn.redhat.com/errata/RHSA-2016-0599.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1308465
Products affected by CVE-2016-2094
-
cpe:2.3:a:jboss:enterprise_application_platform:6.4.6