CVE-2020-14297

MEDIUM6.5EPSS 0.25%

Wildfly EJB Client causes DoS

發布日:2022/5/24修改日:2024/3/10

描述

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventually unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.

受影響套件(1)

Maven/org.jboss:jboss-ejb-clientfrom 0, < 4.0.34.Final

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

參考連結(24)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-14297
PATCHhttps://github.com/wildfly/jboss-ejb-client
WEBhttps://access.redhat.com/errata/RHSA-2020:3141
WEBhttps://access.redhat.com/errata/RHSA-2020:3142
WEBhttps://access.redhat.com/errata/RHSA-2020:3143
WEBhttps://access.redhat.com/errata/RHSA-2020:3144
WEBhttps://access.redhat.com/errata/RHSA-2020:3461
WEBhttps://access.redhat.com/errata/RHSA-2020:3462
WEBhttps://access.redhat.com/errata/RHSA-2020:3463
WEBhttps://access.redhat.com/errata/RHSA-2020:3464
WEBhttps://access.redhat.com/errata/RHSA-2020:3501
WEBhttps://access.redhat.com/errata/RHSA-2020:3539
WEBhttps://access.redhat.com/errata/RHSA-2020:3637
WEBhttps://access.redhat.com/errata/RHSA-2020:3638
WEBhttps://access.redhat.com/errata/RHSA-2020:3639
WEBhttps://access.redhat.com/errata/RHSA-2020:3642
WEBhttps://access.redhat.com/errata/RHSA-2020:3817
WEBhttps://access.redhat.com/errata/RHSA-2021:3140
WEBhttps://access.redhat.com/security/cve/CVE-2020-14297
WEBhttps://access.redhat.com/solutions/21906
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1853595
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297
WEBhttps://github.com/wildfly/jboss-ejb-client/commit/e5f8e4b591f1698a53adc7e430584ca2a8fc9f1b
WEBhttps://github.com/wildfly/jboss-ejb-client/commits/4.0.34.Final