Show plain JSON{"acknowledgement": "Red Hat would like to thank Ole Husgaard (eXerp.com) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2010:0961", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", "package": "jboss-remoting-0:2.5.3-5.SP1.1.ep5.el5", "product_name": "JBEWP 5 for RHEL 5", "release_date": "2010-12-08T00:00:00Z"}, {"advisory": "RHSA-2010:0961", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", "package": "jbossws-cxf-0:3.1.2-4.SP7.6.jdk6.ep5.el5", "product_name": "JBEWP 5 for RHEL 5", "release_date": "2010-12-08T00:00:00Z"}, {"advisory": "RHSA-2010:0961", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", "package": "jopr-embedded-0:1.3.4-16.SP1.7.ep5.el5", "product_name": "JBEWP 5 for RHEL 5", "release_date": "2010-12-08T00:00:00Z"}, {"advisory": "RHSA-2010:0939", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jaxb-0:2.1.4-1.17.patch04.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jaxws-0:2.1.1-1jpp.ep1.13.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP11.0jpp.ep2.0.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-annotations-0:3.3.1-2.0.GA_CP04.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "javassist-0:3.9.0-2.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossas-0:4.3.0-8.GA_CP09.2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-common-0:1.2.2-1.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-messaging-0:1.4.0-4.SP3_CP11.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-remoting-0:2.2.3-4.SP3.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.22.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam2-0:2.0.2.FP-1.ep1.26.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossts-1:4.2.3-2.SP5_CP10.1jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossweb-0:2.0.0-7.CP15.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-0:2.0.1-6.SP2_CP09.2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-common-0:1.0.0-3.GA_CP06.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jgroups-1:2.4.9-1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "rh-eap-docs-0:4.3.0-8.GA_CP09.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "xalan-j2-0:2.7.1-4.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jaxb-0:2.1.4-1.17.patch04.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jaxws-0:2.1.1-1jpp.ep1.13.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP11.0jpp.ep2.0.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-annotations-0:3.3.1-2.0.GA_CP04.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "javassist-0:3.9.0-2.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossas-0:4.3.0-8.GA_CP09.2.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-common-0:1.2.2-1.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-messaging-0:1.4.0-4.SP3_CP11.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-remoting-0:2.2.3-4.SP3.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.22.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam2-0:2.0.2.FP-1.ep1.26.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossts-1:4.2.3-2.SP5_CP10.1jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossweb-0:2.0.0-7.CP15.0jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-0:2.0.1-6.SP2_CP09.2.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-common-0:1.0.0-3.GA_CP06.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jgroups-1:2.4.9-1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "quartz-0:1.5.2-1jpp.patch01.ep1.4.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "rh-eap-docs-0:4.3.0-8.GA_CP09.ep1.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "xalan-j2-0:2.7.1-4.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0963", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 5.1", "release_date": "2010-12-08T00:00:00Z"}, {"advisory": "RHSA-2010:0959", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", "package": "jbossas-security-policy-cc-0:5.1.0-1.ep5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4", "release_date": "2010-12-08T00:00:00Z"}, {"advisory": "RHSA-2010:0959", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", "package": "jboss-remoting-0:2.5.3-5.SP1.1.ep5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4", "release_date": "2010-12-08T00:00:00Z"}, {"advisory": "RHSA-2010:0959", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", "package": "jbossws-cxf-0:3.1.2-4.SP7.6.jdk6.ep5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4", "release_date": "2010-12-08T00:00:00Z"}, {"advisory": "RHSA-2010:0959", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", "package": "jopr-embedded-0:1.3.4-16.SP1.7.ep5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4", "release_date": "2010-12-08T00:00:00Z"}, {"advisory": "RHSA-2010:0960", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", "package": "jbossas-security-policy-cc-0:5.1.0-1.ep5.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5", "release_date": "2010-12-08T00:00:00Z"}, {"advisory": "RHSA-2010:0960", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", "package": "jboss-remoting-0:2.5.3-5.SP1.1.ep5.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5", "release_date": "2010-12-08T00:00:00Z"}, {"advisory": "RHSA-2010:0960", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", "package": "jbossws-cxf-0:3.1.2-4.SP7.6.jdk6.ep5.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5", "release_date": "2010-12-08T00:00:00Z"}, {"advisory": "RHSA-2010:0960", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", "package": "jopr-embedded-0:1.3.4-16.SP1.7.ep5.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5", "release_date": "2010-12-08T00:00:00Z"}, {"advisory": "RHSA-2010:0962", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5.1", "product_name": "Red Hat JBoss Web Platform 5.1", "release_date": "2010-12-08T00:00:00Z"}], "bugzilla": {"description": "JBoss Remoting Denial-Of-Service", "id": "641389", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=641389"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "status": "verified"}, "details": ["The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data."], "name": "CVE-2010-3862", "public_date": "2010-12-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-3862\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-3862"], "threat_severity": "Low"}