CVE-2016-2094
First published: Mon Feb 15 2016(Updated: )
It was reported that HTTPS NIO connector uses no timeout when reading SSL handshake from a client to tie up a thread on the server just by creating a socket. Attacker could create socket and then never sends the handshake or any data at all, which causes the thread to remain occupied indefinitely so long as the socket remains open. Product bug: <a class="bz_bug_link bz_secure " title="" href="show_bug.cgi?id=1307039">https://bugzilla.redhat.com/show_bug.cgi?id=1307039</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JBoss Enterprise Application Platform | =6.4.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1307039
- https://rhn.redhat.com/errata/RHSA-2016-0598.html
- https://rhn.redhat.com/errata/RHSA-2016-0597.html
- https://rhn.redhat.com/errata/RHSA-2016-0596.html
- https://rhn.redhat.com/errata/RHSA-2016-0595.html
- https://rhn.redhat.com/errata/RHSA-2016-0599.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1308465
- http://rhn.redhat.com/errata/RHSA-2016-0595.html
- http://rhn.redhat.com/errata/RHSA-2016-0596.html
- http://rhn.redhat.com/errata/RHSA-2016-0597.html
- http://rhn.redhat.com/errata/RHSA-2016-0598.html
- http://rhn.redhat.com/errata/RHSA-2016-0599.html
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-2094
- vendor/jboss
- canonical/jboss enterprise application platform
- version/jboss enterprise application platform/6.4.6