CVE-2020-14307

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
References
  • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14307 (Issue Tracking, Third Party Advisory)
Configurations

Configuration 1

OR (any of the following):
  • cpe:2.3:a:redhat:amq:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform_continuous_delivery:-:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

History

12 Feb 2023, 23:39

Type: References
Values Removed: (none)
Values Added:
  • https://access.redhat.com/errata/RHSA-2020:3142 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3463 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3638 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3539 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3817 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3464 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3144 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3143 (MISC)
  • https://bugzilla.redhat.com/show_bug.cgi?id=1851327 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3637 (MISC)
  • https://access.redhat.com/security/cve/CVE-2020-14307 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3461 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3501 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3462 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3642 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3141 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3639 (MISC)

Type: Summary
Values Removed: A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
Values Added: A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.

02 Feb 2023, 21:19

Type: Summary
Values Removed: A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
Values Added: A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.

Type: References
Values Removed:
  • https://access.redhat.com/errata/RHSA-2020:3142 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3463 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3638 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3539 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3817 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3464 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3144 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3143 (MISC)
  • https://bugzilla.redhat.com/show_bug.cgi?id=1851327 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3637 (MISC)
  • https://access.redhat.com/security/cve/CVE-2020-14307 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3461 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3501 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3462 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3642 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3141 (MISC)
  • https://access.redhat.com/errata/RHSA-2020:3639 (MISC)
Values Added: (none)

04 Nov 2021, 16:01

Type: CWE
Values Removed: CWE-400
Values Added: CWE-404

Information

Published : 2020-07-24 16:15

Updated : 2023-12-10 13:27


NVD link : CVE-2020-14307

Mitre link : CVE-2020-14307

CVE.ORG link : CVE-2020-14307



Products Affected

redhat

  • jboss_enterprise_application_platform_continuous_delivery
  • jboss_fuse
  • openshift_application_runtimes
  • single_sign-on
  • amq
CWE
CWE-404: Improper Resource Shutdown or Release