JBoss Remoting RemoteMessageChannel DoS (intrusive check)
Medium Nessus Plugin ID 121515
Synopsis
A JBoss Remoting service running on the remote host is affected by a denial of service (DoS) vulnerability.
Description
A denial of service (DoS) vulnerability exists in JBoss Remoting due to the way RemoteMessageChannel, introduced in version 3.3.10.Final-redhat-1, reads from an empty buffer. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to cause the JBoss Remoting service to run in an infinite loop, resulting in high CPU usage.
Solution
Upgrade to JBoss Remoting version 3.3.12.Final-redhat-2 or later / JBoss Enterprise Application Platform 6.4.19 or later.