PT-2021-11779 · Red Hat · Jboss-Remoting

Published: 2021-06-02 · Updated: 2022-03-18 · CVE-2020-35510

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: jboss-remoting versions before 5.0.20.SP1-redhat-00001
Description: A flaw was found in jboss-remoting that allows a malicious attacker to cause threads in the EJB server to block indefinitely. This can be achieved by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request but omitting the ACK messages, or by tampering with the jboss-remoting code and deleting the lines in the EJB client that send the ACK message. The result is a denial of service; the primary threat is to system availability.
Recommendations: For versions before 5.0.20.SP1-redhat-00001, update to version 5.0.20.SP1-redhat-00001 or later to resolve the issue. As a temporary workaround, consider restricting network access to the EJB server to minimize the risk of exploitation.

Fix

Weakness Enumeration

Resource Exhaustion

Related Identifiers

CVE-2020-35510
GHSA-P6J8-HGV5-M35G
RHSA-2021:0872
RHSA-2021:0873
RHSA-2021:0874

Affected Products

Jboss-Remoting