jboss-remoting is vulnerable to denial of service (DoS). The vulnerability exists because the JBoss Enterprise Application Platform 4.3.0.CP09 updates RHSA-2010:0937 and RHSA-2010:0938 did not, contrary to what their errata texts stated, provide a fix for CVE-2010-3862. A remote attacker could use specially crafted input to cause the JBoss Remoting listeners to become unresponsive, resulting in a denial of service condition for services communicating via JBoss Remoting sockets.
securitytracker.com/id?1024840
www.redhat.com/support/errata/RHSA-2010-0964.html
www.redhat.com/support/errata/RHSA-2010-0965.html
access.redhat.com/errata/RHSA-2010:0964
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=660623
issues.jboss.org/browse/JBPAPP-5253
issues.jboss.org/browse/JBREM-1261