Red Hat · Jboss-Remoting · CVE-2010-3862
**Name of the Vulnerable Software and Affected Versions**
Red Hat JBoss Enterprise Application Platform versions 4.3 through 4.3.0.CP09
Red Hat JBoss Enterprise Application Platform version 5.1.0
JBoss Enterprise Web Platform version 5.1.0
JBoss Remoting versions 2.2.x through 2.2.2
JBoss Remoting versions 2.5.x through 2.5.2
**Description**
A remote attacker can cause a denial of service by establishing a bisocket control connection TCP session and then not sending any application data. The flaw is in the `org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run` method in JBoss Remoting.
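The failure mode and its general mitigation can be reproduced on loopback with the added example below, which is not JBoss Remoting code and is not taken from the advisory. It assumes the weak pattern is a blocking read performed on the accepting thread, which the page does not state; the class name, method names and the 500 ms timeout are hypothetical.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ControlAcceptDemo {
    // Read the first byte of a new control connection and echo it back as an ack.
    // readTimeoutMs == 0 means "block forever", which is the weak setting.
    static void handshake(Socket s, int readTimeoutMs) {
        try (Socket sock = s) {
            sock.setSoTimeout(readTimeoutMs);
            int action = sock.getInputStream().read();
            if (action >= 0) sock.getOutputStream().write(action);
        } catch (IOException e) { /* read timeout or reset: drop the connection */ }
    }
    // Returns true if a well-behaved client is served while a silent peer is connected.
    static boolean servedDespiteSilentPeer(boolean hardened) throws Exception {
        ExecutorService pool = Executors.newCachedThreadPool();
        try (ServerSocket server = new ServerSocket(0, 50, InetAddress.getLoopbackAddress())) {
            Thread acceptor = new Thread(() -> {
                try {
                    while (true) {
                        Socket s = server.accept();
                        if (hardened) pool.execute(() -> handshake(s, 500)); // hand off, bounded read
                        else handshake(s, 0);              // unbounded read on the accept thread
                    }
                } catch (IOException closed) { /* server socket closed: stop accepting */ }
            });
            acceptor.setDaemon(true);
            acceptor.start();
            // Constructed test traffic: the first client connects and stays silent.
            try (Socket silent = new Socket(server.getInetAddress(), server.getLocalPort());
                 Socket good = new Socket(server.getInetAddress(), server.getLocalPort())) {
                good.setSoTimeout(2000);                   // how long the good client waits for its ack
                good.getOutputStream().write(1);
                return good.getInputStream().read() == 1;
            } catch (SocketTimeoutException starved) {
                return false;                              // never reached the handshake
            }
        } finally {
            pool.shutdownNow();
        }
    }
    public static void main(String[] args) throws Exception {
        System.out.println("accept-thread read, no timeout: served=" + servedDespiteSilentPeer(false));
        System.out.println("hand-off + SO_TIMEOUT:          served=" + servedDespiteSilentPeer(true));
    }
}
```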
**Recommendations**
For JBoss Remoting versions 2.2.x, update to version 2.2.3.SP4 or later.
For JBoss Remoting versions 2.5.x, update to version 2.5.3.SP2 or later.
For Red Hat JBoss Enterprise Application Platform versions 4.3 through 4.3.0.CP09, update to a version that includes the fixed JBoss Remoting.
For Red Hat JBoss Enterprise Application Platform version 5.1.0, update to a version that includes the fixed JBoss Remoting.
For JBoss Enterprise Web Platform version 5.1.0, update to a version that includes the fixed JBoss Remoting.