ID:6426 - Exploit for Infinite loop in JBoss Application Server - CVE-2018-1041
Published: June 17, 2021
Vulnerability identifier: #VU10381
Vulnerability risk: Low
CVE-ID: CVE-2018-1041
CWE-ID: CWE-835
Exploitation vector: Adjacent network
Vulnerable software:
JBoss Application Server
Link to public exploit:
Vulnerability description
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The weakness exists due to an error when handling malicious input. An adjacent attacker can send specially crafted data to trigger an empty buffer read error in RemoteMessageChannel, consume excessive CPU resources and cause the application to enter an infinite loop and then the service to crash.
Remediation
Install the update from the vendor's website.