Red Hat Enterprise Application Platform And WildFly Memory Consumption Vulnerabilities

Summary

The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.

Credit:

The information has been provided by Jason Greene from Red Hat.


Details

Vulnerable Systems:
 * Red Hat Enterprise Application Platform before 6.4.4

Immune Systems:
 * Red Hat Enterprise Application Platform 6.4.4 and later

Several vulnerabilities were reported in JBoss Enterprise Application Platform. A remote user can conduct cross-site request forgery attacks. A remote user can consume excessive memory on the target system. A remote user can conduct click-jacking attacks. A remote user can create a specially crafted HTML page or URL that, when loaded by the target authenticated user, will exploit a flaw in the EAP Web Console and take actions on the target interface acting as the target user.

CVE Information:
CVE-2015-5220

Disclosure Timeline:
Original release date: 10/27/2015
Last revised: 10/28/2015