PT-2014-2174 · Red Hat · Red Hat Jboss Enterprise Application Platform+2
David Jorm
·
Published
2014-02-10
·
Updated
2014-03-06
·
CVE-2011-4610
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Red Hat JBoss Communications Platform versions prior to 5.1.3
Red Hat Enterprise Web Platform versions prior to 5.1.2
Red Hat Enterprise Application Platform versions prior to 5.1.2
Description
The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This is achieved through vectors related to a crafted UTF-8 character, specifically a "surrogate pair character" that is positioned at the boundary of an internal buffer.
Recommendations
For Red Hat JBoss Communications Platform versions prior to 5.1.3, update to version 5.1.3 or later.
For Red Hat Enterprise Web Platform versions prior to 5.1.2, update to version 5.1.2 or later.
For Red Hat Enterprise Application Platform versions prior to 5.1.2, update to version 5.1.2 or later.
Fix
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Jboss Enterprise Application Platform
Red Hat Enterprise Web Platform
Red Hat Jboss Communications Platform