CVE-2020-14307

Summary

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.

Affected Software

VendorProductVersion RangeStatus
Red Hatwildflyjboss-ejb-client versions shipped with Red Hat JBoss EAP 7affected

Weaknesses

  • CWE-404: CWE-404

ADP Enrichment

CVE Program Container

Additional References

References