Denial Of Service (DoS)

2020-04-1001:07:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.023 Low

EPSS

Percentile

89.7%

JSON

jbossweb is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service (infinite loop) on the JBoss Web server.

CPENameOperatorVersion
jbosswebeq2.1.10__5.patch01.1.1.ep5.el5
jbosswebeq2.0.0__2.CP01.0jpp.ep1.4.el5
jbosswebeq2.0.0__8.CP15.patch01.0jpp.ep1.1.el4
jbosswebeq2.1.12__1.4_patch_01.ep5.el6
jbosswebeq2.0.0__8.CP15.patch01.0jpp.ep1.1.el5
jbosswebeq2.1.11__5.4.ep5.el4
jbosswebeq2.0.0__3.CP05.0jpp.ep1.1.el5
jbosswebeq2.1.12__1.4_patch_01.ep5.el4
jbosswebeq2.1.11__5.4.ep5.el5
jbosswebeq2.1.12__1.4_patch_01.ep5.el5

Name	Operator	Version
jbossweb	eq	2.1.10__5.patch01.1.1.ep5.el5
jbossweb	eq	2.0.0__2.CP01.0jpp.ep1.4.el5
jbossweb	eq	2.0.0__8.CP15.patch01.0jpp.ep1.1.el4
jbossweb	eq	2.1.12__1.4_patch_01.ep5.el6
jbossweb	eq	2.0.0__8.CP15.patch01.0jpp.ep1.1.el5
jbossweb	eq	2.1.11__5.4.ep5.el4
jbossweb	eq	2.0.0__3.CP05.0jpp.ep1.1.el5
jbossweb	eq	2.1.12__1.4_patch_01.ep5.el4
jbossweb	eq	2.1.11__5.4.ep5.el5
jbossweb	eq	2.1.12__1.4_patch_01.ep5.el5