Vulnerability Details CVE-2020-35510
A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.7%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 7.1
References
Products affected by CVE-2020-35510
-
cpe:2.3:a:redhat:jboss-remoting:3.3.10
-
cpe:2.3:a:redhat:jboss-remoting:5.0.14
-
cpe:2.3:a:redhat:jboss-remoting:5.0.20