Release date:
Updated on:
Affected Systems:
JBoss Group RichFaces
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65738
CVE (CAN) ID: CVE-2014-1266
JBoss RichFaces is a Web framework with Ajax and JSF features.
RichFaces does not properly filter some requests. An unauthenticated remote attacker can send a large number of malformed requests to a RichFaces application that uses the Atmosphere framework, causing a denial of service on the application server (high memory consumption).
<* Source: vendor
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1067268
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
JBoss Group
-----------
The vendor has not yet released a patch or upgrade. Users of the software should monitor the vendor's homepage for the latest version:
http://www.jboss.org/