James Livingston

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Remoting versions 5.3.1 GA and earlier Red Hat JBoss SOA Platform version 5.3.1 GA Red Hat Web Platform version 5.2.0 Red Hat Enterprise Application Platform version 5.2.0 **Description** The issue allows remote attackers to cause a denial of service, specifically file descriptor consumption, via unspecified vectors. This is related to the org.jboss.remoting.transport.socket.ServerThread class. **Recommendations** For Red Hat JBoss Remoting version 5.3.1 GA and earlier, consider restricting access to the ServerThread class until a patch is available. For Red Hat JBoss SOA Platform version 5.3.1 GA, update to a version that includes a fix for the issue. For Red Hat Web Platform version 5.2.0, update to a version that includes a fix for the issue. For Red Hat Enterprise Application Platform version 5.2.0, update to a version that includes a fix for the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.