Amq
CVE-2020-14297
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.
AnalysisAI
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable. Affected products include: Redhat Amq, Redhat Jboss-Ejb-Client, Redhat Jboss Enterprise Application Platform Continuous Delivery, Redhat Jboss Fuse, Redhat Openshift Application Runtimes.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. Rated high severity (CVSS 8.8), this vulnera
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. Rated high severity (CVSS 7.5), this vulnerab
Console: CORS headers set to allow all in Red Hat AMQ. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where Sess
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today