Vulnerability Details CVE-2018-1041
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.146
EPSS Ranking 94.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.securitytracker.com/id/1040323
- https://access.redhat.com/errata/RHSA-2018:0268
- https://access.redhat.com/errata/RHSA-2018:0269
- https://access.redhat.com/errata/RHSA-2018:0270
- https://access.redhat.com/errata/RHSA-2018:0271
- https://access.redhat.com/errata/RHSA-2018:0275
- https://bugzilla.redhat.com/show_bug.cgi?id=1530457
- https://www.exploit-db.com/exploits/44099/
- http://www.securitytracker.com/id/1040323
- https://access.redhat.com/errata/RHSA-2018:0268
- https://access.redhat.com/errata/RHSA-2018:0269
- https://access.redhat.com/errata/RHSA-2018:0270
- https://access.redhat.com/errata/RHSA-2018:0271
- https://access.redhat.com/errata/RHSA-2018:0275
- https://bugzilla.redhat.com/show_bug.cgi?id=1530457
- https://www.exploit-db.com/exploits/44099/
Products affected by CVE-2018-1041
-
cpe:2.3:a:jboss:jboss-remoting:3.3.10
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0
-
cpe:2.3:o:redhat:linux:5.0
-
cpe:2.3:o:redhat:linux:6.0
-
cpe:2.3:o:redhat:linux:7.0