A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.
Metrics
Affected Vendors & Products
References
History
Mon, 25 Nov 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat jboss Enterprise Application Platform Eus
|
|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7 cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
Vendors & Products |
Redhat jboss Enterprise Application Platform Eus
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-12-27T15:45:33.293Z
Updated: 2024-08-02T06:48:08.117Z
Reserved: 2023-06-08T19:52:58.072Z
Link: CVE-2023-3171
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-27T16:15:13.103
Modified: 2024-11-21T08:16:37.137
Link: CVE-2023-3171
Redhat