PT-2020-13990 · Red Hat · Jbossweb

Kunjan Rathod

Published

2020-09-09

Updated

2021-11-04

CVE-2020-14384

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions JBossWeb versions prior to 7.5.31.Final-redhat-3

Description A flaw in JBossWeb allows for a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame, affecting system availability.

Recommendations For versions prior to 7.5.31.Final-redhat-3, update to version 7.5.31.Final-redhat-3 or later to resolve the issue. As a temporary workaround, consider restricting access to WebSocket frames to minimize the risk of exploitation.

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2020-14384

RHSA-2020:3730

RHSA-2022:5459

RHSA-2022:5460

Affected Products

Jbossweb

PT-2020-13990 · Red Hat · Jbossweb

CVE-2020-14384

Weakness Enumeration

Related Identifiers

Affected Products

References · 3