A vulnerability was found in WildFly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received, in the EJB Client as well as on the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
The product does not release or incorrectly releases a resource before it is made available for re-use.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jboss_fuse | Redhat | 6.0.0 | 6.0.0 |
Single_sign-on | Redhat | 7.0 | 7.0 |
Openshift_application_runtimes | Redhat | - | - |
Jboss_enterprise_application_platform_continuous_delivery | Redhat | - | - |
Amq | Redhat | 2.0 | 2.0 |