A vulnerability was found in Wildfly’s Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
CPE | Name | Operator | Version |
---|---|---|---|
amq | eq | 2.0 | |
jboss_fuse | eq | 6.0.0 | |
single_sign-on | eq | 7.0 |