vulnerability

Red Hat JBossEAP: Improper Resource Shutdown or Release (CVE-2020-14307)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:N/I:N/A:C)	2020-07-23	2024-09-19	2024-12-20

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:C)

Published

2020-07-23

Added

2024-09-19

Modified

2024-12-20

Description

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.. A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.

Solution

red-hat-jboss-eap-upgrade-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today