Home

CVE-2010-4265

Description

The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.031

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp01Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp02Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp03Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp04Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp05Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp06Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp07Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0Windows
Vulnerabilities CVE-2010-3708,CVE-2010-3862,CVE-2010-3878,CVE-2010-4265 are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp08Windows
Vulnerabilities CVE-2010-3862,CVE-2010-4265,CVE-2011-1484,CVE-2011-2196 are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp09Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 5.1.0Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234