CVE-2010-4265

EUVD-2010-4238
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch.  NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
redhatjboss_remoting
2.2.0
redhatjboss_remoting
2.2.2:sp10
redhatjboss_remoting
2.2.2:sp11
redhatjboss_remoting
2.2.2:sp2
redhatjboss_remoting
2.2.2:sp4
redhatjboss_remoting
2.2.2:sp7
redhatjboss_remoting
2.2.2:sp8
redhatjboss_remoting
2.2.3
redhatjboss_remoting
2.2.3:sp1
redhatjboss_remoting
2.2.3:sp2
redhatjboss_remoting
2.2.3:sp3
redhatjboss_enterprise_application_platform
4.3.0
redhatjboss_enterprise_application_platform
4.3.0:cp01
redhatjboss_enterprise_application_platform
4.3.0:cp02
redhatjboss_enterprise_application_platform
4.3.0:cp03
redhatjboss_enterprise_application_platform
4.3.0:cp04
redhatjboss_enterprise_application_platform
4.3.0:cp05
redhatjboss_enterprise_application_platform
4.3.0:cp06
redhatjboss_enterprise_application_platform
4.3.0:cp07
redhatjboss_enterprise_application_platform
4.3.0:cp08
redhatjboss_enterprise_application_platform
4.3.0:cp09
redhatjboss_enterprise_application_platform
5.1.0
redhatjboss_enterprise_web_platform
5.1.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jbossas4
artful
dne
bionic
dne
cosmic
dne
dapper
dne
hardy
ignored
karmic
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
References
http://securitytracker.com/id?1024840
http://www.redhat.com/support/errata/RHSA-2010-0964.html
http://www.redhat.com/support/errata/RHSA-2010-0965.html
https://bugzilla.redhat.com/show_bug.cgi?id=660623
https://issues.jboss.org/browse/JBPAPP-5253
https://issues.jboss.org/browse/JBREM-1261
http://securitytracker.com/id?1024840
http://www.redhat.com/support/errata/RHSA-2010-0964.html
http://www.redhat.com/support/errata/RHSA-2010-0965.html
https://bugzilla.redhat.com/show_bug.cgi?id=660623
https://issues.jboss.org/browse/JBPAPP-5253
https://issues.jboss.org/browse/JBREM-1261