ID CVE-2010-4265
Summary The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:jboss_remoting:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp11:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp4:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp7:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp2:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp8:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp10:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp3:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp2:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_remoting:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp09:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp08:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp07:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.0:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 13-02-2023 - 04:28)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2010:0964
  • rhsa
    id RHSA-2010:0965
rpms
  • jboss-remoting-0:2.2.3-4.SP3.ep1.1.el4
  • jboss-remoting-0:2.2.3-4.SP3.ep1.1.el5
refmap via4
confirm
misc https://issues.jboss.org/browse/JBPAPP-5253
sectrack 1024840
Last major update 13-02-2023 - 04:28
Published 30-12-2010 - 21:00
Last modified 13-02-2023 - 04:28