Skip to content

JBoss RichFaces Improper Input Validation vulnerability

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Jan 28, 2023

Package

maven org.richfaces:richfaces (Maven)

Affected versions

>= 4.3.4, <= 4.3.5
>= 5.0.0.Alpha1, < 5.0.0.Alpha3

Patched versions

5.0.0.Alpha3

Description

The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.

References

Published by the National Vulnerability Database Mar 31, 2014
Published to the GitHub Advisory Database May 17, 2022
Reviewed Dec 12, 2022
Last updated Jan 28, 2023

Severity

Moderate

EPSS score

0.669%
(80th percentile)

Weaknesses

CVE ID

CVE-2014-0086

GHSA ID

GHSA-xfxv-f945-4qv6

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.