Bug 767871 - (CVE-2011-4610) CVE-2011-4610 JBoss Web remote denial of service when surrogate pair character is placed at buffer boundary
CVE-2011-4610 JBoss Web remote denial of service when surrogate pair characte...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20120131,repo...
: Security
Depends On: 769147
Blocks: 767873 795277 810065
  Show dependency treegraph
 
Reported: 2011-12-14 23:13 EST by David Jorm
Modified: 2016-11-08 10:54 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-07 01:50:31 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Jorm 2011-12-14 23:13:51 EST
JBoss Web will enter into an infinite loop when a surrogate pair character is placed at the boundary of an internal buffer. A remote attacker could exploit this flaw to trigger a denial-of-service attack against a JBoss Web server that is hosting applications with UTF-8 character encoding enabled, or that will include user-supplied UTF-8 strings in a response.
Comment 7 David Jorm 2012-01-06 00:04:13 EST
Acknowledgements:

Red Hat would like to thank NTT OSSC for reporting this issue.
Comment 8 errata-xmlrpc 2012-01-31 18:06:19 EST
This issue has been addressed in following products:

  JBoss Communications Platform 5.1.3

Via RHSA-2012:0078 https://rhn.redhat.com/errata/RHSA-2012-0078.html
Comment 9 errata-xmlrpc 2012-01-31 18:06:47 EST
This issue has been addressed in following products:

   JBoss Enterprise Web Platform 5.1.2

Via RHSA-2012:0077 https://rhn.redhat.com/errata/RHSA-2012-0077.html
Comment 10 errata-xmlrpc 2012-01-31 18:07:09 EST
This issue has been addressed in following products:

  JBEWP 5 for RHEL 6
  JBEWP 5 for RHEL 4
  JBEWP 5 for RHEL 5

Via RHSA-2012:0076 https://rhn.redhat.com/errata/RHSA-2012-0076.html
Comment 11 errata-xmlrpc 2012-01-31 18:07:29 EST
This issue has been addressed in following products:

  JBoss Enterprise Application Platform 5.1.2

Via RHSA-2012:0075 https://rhn.redhat.com/errata/RHSA-2012-0075.html
Comment 12 errata-xmlrpc 2012-01-31 18:07:55 EST
This issue has been addressed in following products:

  JBEAP 5 for RHEL 6
  JBEAP 5 for RHEL 4
  JBEAP 5 for RHEL 5

Via RHSA-2012:0074 https://rhn.redhat.com/errata/RHSA-2012-0074.html
Comment 13 errata-xmlrpc 2012-02-22 00:11:26 EST
This issue has been addressed in following products:

JBoss Enterprise BRMS Platform 5.2.0, JBoss Enterprise Portal Platform 5.2.0 and JBoss Enterprise SOA Platform 5.2.0

Via RHSA-2012:0325 https://rhn.redhat.com/errata/RHSA-2012-0325.html

Note You need to log in before you can comment on or make changes to this bug.