#VU51521 Input validation error in JBoss Remoting - CVE-2020-35510

Cybersecurity Help s.r.o.

Published: 2021-03-17

Vulnerability identifier: #VU51521

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-35510

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
JBoss Remoting
Universal components / Libraries / Libraries used by multiple products

Vendor: Red Hat Inc.

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing EJB client requests. A remote user can send specially crafted EJB message to the server and perform a denial of service (DoS) attack.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

JBoss Remoting: 5.0.0 - 5.0.20

External links
https://access.redhat.com/errata/RHSA-2021:0873

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Splunk Add-on for JBoss update for third-party components

Multiple vulnerabilities in Fuse 7.10

Multiple vulnerabilities in Red Hat Single Sign-On 7.4

Multiple vulnerabilities in JBoss Enterprise Application Platform

Denial of service in JBoss Remoting