#VU10381 Infinite loop in JBoss Application Server - CVE-2018-1041
Published: February 6, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU10381
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-1041
CWE-ID: CWE-835
Exploitation vector: Adjacent network
Exploit availability:
Public exploit is available
Vulnerable software:
JBoss Application Server
Software vendor:
Red Hat Inc.
Description
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The weakness exists due to an error when handling malicious input. An adjacent attacker can send specially crafted data to trigger an empty-buffer read error in RemoteMessageChannel, which causes the application to enter an infinite loop, consume excessive CPU resources and ultimately crash the service.
Remediation
Install update from vendor's website.