Skip to main content

Improper Resource Shutdown or Release


Severity Medium
Score 6.5/10


A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable. This flaw affects Wildfly's jboss-ejb-client version 4.0.0.Beta1 to 4.0.34.Final.

  • LOW
  • NONE
  • NONE
  • LOW
  • NONE
  • HIGH

CWE-404 - Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use.

Advisory Timeline

  • Published