It was found that certain malformed requests caused RichFaces to leak memory. A remote, unauthenticated attacker could use this flaw to send a large number of malformed requests to a RichFaces application that uses the Atmosphere framework, leading to a denial of service (excessive memory consumption) on the application server.
This issue has been addressed in following products:
Red Hat JBoss Web Framework Kit 2.5.0
Via RHSA-2014:0335 https://rhn.redhat.com/errata/RHSA-2014-0335.html
This issue has been addressed in the following products:
JBoss Portal 6.2.0
Via RHSA-2015:1009 https://rhn.redhat.com/errata/RHSA-2015-1009.html