CVE-2020-14384 - Redhat Jbossweb and Redhat Jboss Enterprise Application Platform

Critical 7.5

A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability.

Affected software

Redhat Jbossweb

Redhat Jboss Enterprise Application Platform

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.