PT-2020-13968 · Red Hat · Red Hat JBoss EAP
Published: 2020-07-24 · Updated: 2023-02-12 · CVE-2020-14307
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Red Hat JBoss EAP 7
Description
A flaw was found in WildFly's Enterprise Java Beans (EJB) implementation: SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received. An attacker can exploit this resource leak to mount a denial of service attack, making the service unavailable.
Recommendations
For Red Hat JBoss EAP 7, consider implementing measures to prevent abuse of the InvocationTracker, such as restricting access to the EJB Client, until a patch is available.
Fix
Weakness Enumeration
Improper Resource Release
Related Identifiers
Affected Products
Red Hat JBoss EAP