Improper Resource Shutdown or Release
CVE-2020-14307
Summary
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable. This flaw affects Wildfly's jboss-ejb-client version 4.0.0.Beta1 to 4.0.34.Final.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- NONE
- HIGH
CWE-404 - Improper Resource Shutdown or Release
The program does not release or incorrectly releases a resource before it is made available for re-use.
References
Advisory Timeline
- Published