A denial of service (DoS) flaw has been identified in the implementation of the org.jboss.remoting.transport.socket.ServerThread class within the JBoss Remoting component. This flaw allows an unauthenticated attacker to exhaust the open file descriptors available to a server. Note that a remote attacker can exploit this flaw only if the remoting port is exposed, either directly or indirectly.
Acknowledgements: This issue was discovered by James Livingston of the Red Hat Support Engineering Group.
This issue has been addressed in the following products: Red Hat JBoss BRMS 5.3.1, via RHSA-2013:1373 https://rhn.redhat.com/errata/RHSA-2013-1373.html
This issue has been addressed in the following products: Red Hat JBoss Web Platform 5.2.0, via RHSA-2013:1372 https://rhn.redhat.com/errata/RHSA-2013-1372.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 5.2.0, via RHSA-2013:1371 https://rhn.redhat.com/errata/RHSA-2013-1371.html
This issue has been addressed in the following products: JBEWP 5 for RHEL 4, JBEWP 5 for RHEL 5, JBEWP 5 for RHEL 6, via RHSA-2013:1370 https://rhn.redhat.com/errata/RHSA-2013-1370.html
This issue has been addressed in the following products: JBEAP 5 for RHEL 4, JBEAP 5 for RHEL 5, JBEAP 5 for RHEL 6, via RHSA-2013:1369 https://rhn.redhat.com/errata/RHSA-2013-1369.html
This issue has been addressed in the following products: Red Hat JBoss SOA Platform 5.3.1, via RHSA-2013:1374 https://rhn.redhat.com/errata/RHSA-2013-1374.html
This issue has been addressed in the following products: Red Hat JBoss Operations Network 3.1.2, via RHSA-2013:1448 https://rhn.redhat.com/errata/RHSA-2013-1448.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform, via RHSA-2013:1371 https://access.redhat.com/errata/RHSA-2013:1371