It was found that certain malformed requests caused RichFaces to leak memory. A remote, unauthenticated attacker could use this flaw to send a large number of malformed requests to a RichFaces application that uses the Atmosphere framework, leading to a denial of service (excessive memory consumption) on the application server.
Upstream bug: https://issues.jboss.org/browse/RF-13250
This issue has been addressed in following products: Red Hat JBoss Web Framework Kit 2.5.0 Via RHSA-2014:0335 https://rhn.redhat.com/errata/RHSA-2014-0335.html
This issue has been addressed in the following products: JBoss Portal 6.2.0 Via RHSA-2015:1009 https://rhn.redhat.com/errata/RHSA-2015-1009.html