CVE-2014-0086 — Vulnetix

Try Vulnetix Request Demo

CVE-2014-0086 PUBLISHED CVSS 4.300000190734863 MEDIUM

Reported by redhat · Published March 28, 2014

The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.

Risk Scores

CVSS v2.0

4.300000190734863

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
Maven	org.richfaces.core:richfaces-core-impl	4-alpha0, 4-alpha0, 4-alpha0
Maven	org.richfaces:richfaces	4.3.4, 4.3.4, 4.3.4
n/a	n/a	n/a, n/a, n/a

Timeline

Mar 28, 2014 CVE Published
Dec 15, 2017 CVE Updated
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

RHSA-2014:0335 vendor-advisoryx_refsource_REDHAT
x_refsource_CONFIRM
x_refsource_CONFIRM
x_refsource_CONFIRM
57053 third-party-advisoryx_refsource_SECUNIA
https://bugzilla.redhat.com/CVE-2014-0086 url
https://nvd.nist.gov/vuln/detail/CVE-2014-0086 advisory
https://github.com/advisories/GHSA-xfxv-f945-4qv6 advisory
https://github.com/richfaces/richfaces/commit/807bc411fba070f78c5193cc03d54ab8aa39c36d patch
https://github.com/richfaces/richfaces url

Open in Interactive Console →