- Description
- JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a "surrogate pair character" that is "at the boundary of an internal buffer."
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_communications_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7736ACC-3D6C-470C-B51A-43D84906F675",
"versionEndIncluding": "5.1"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "861BBC47-6A47-4896-93B5-5009DFCFB8A1",
"versionEndIncluding": "5.1.2"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27C53057-A539-4ABC-99FF-78E90997B989",
"versionEndIncluding": "5.1.0"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA6234E2-8321-477B-AE6F-6F38B24D9082",
"versionEndIncluding": "5.1.2"
}
],
"operator": "OR"
}
]
}
]