CVE-2011-4610
JBoss Web remote denial of service when surrogate pair character is placed at buffer boundary
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a "surrogate pair character" that is "at the boundary of an internal buffer."
JBoss Web, utilizado en Red Hat JBoss Communications Platform anterior a 5.1.3, Enterprise Web Platform anterior a 5.1.2, Enterprise Application Platform anterior a 5.1.2 y otros productos, permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de vectores relacionados con un UTF-8 manipulado y un "caracter de par subrogado" que está "en el límite de un buffer interno."
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-11-29 CVE Reserved
- 2012-02-01 CVE Published
- 2023-09-23 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.osvdb.org/78775 | Vdb Entry | |
| http://www.securityfocus.com/bid/51829 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2012-0074.html | 2014-03-06 | |
| http://rhn.redhat.com/errata/RHSA-2012-0075.html | 2014-03-06 | |
| http://rhn.redhat.com/errata/RHSA-2012-0076.html | 2014-03-06 | |
| http://rhn.redhat.com/errata/RHSA-2012-0077.html | 2014-03-06 | |
| http://rhn.redhat.com/errata/RHSA-2012-0078.html | 2014-03-06 | |
| http://rhn.redhat.com/errata/RHSA-2012-0325.html | 2014-03-06 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=767871 | 2012-02-22 | |
| https://access.redhat.com/security/cve/CVE-2011-4610 | 2012-02-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Jboss Communications Platform Search vendor "Redhat" for product "Jboss Communications Platform" | <= 5.1 Search vendor "Redhat" for product "Jboss Communications Platform" and version " <= 5.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | <= 5.1.2 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version " <= 5.1.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Brms Platform Search vendor "Redhat" for product "Jboss Enterprise Brms Platform" | <= 5.1.0 Search vendor "Redhat" for product "Jboss Enterprise Brms Platform" and version " <= 5.1.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Web Platform Search vendor "Redhat" for product "Jboss Enterprise Web Platform" | <= 5.1.2 Search vendor "Redhat" for product "Jboss Enterprise Web Platform" and version " <= 5.1.2" | - |
Affected
| ||||||