Vulnerability Details : CVE-2015-5220
The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.
Vulnerability category: Overflow; Denial of service
Products affected by CVE-2015-5220
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_wildfly_application_server:*:cr8:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5220
EPSS score: 2.22% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~88% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-5220
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2015-5220
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2015-5220
- http://rhn.redhat.com/errata/RHSA-2015-1904.html
  RHSA-2015:1904 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1905.html
  RHSA-2015:1905 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-1519.html
  RHSA-2016:1519 - Security Advisory - Red Hat Customer Portal (Patch; Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1908.html
  Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1906.html
  RHSA-2015:1906 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1255597
  1255597 – (CVE-2015-5220) CVE-2015-5220 OOME from EAP 6 http management console (Issue Tracking; Vendor Advisory)
- http://www.securitytracker.com/id/1033859
  JBoss Enterprise Application Platform Bugs Let Remote Users Deny Service and Conduct Clickjacking and Cross-Site Request Forgery Attacks - SecurityTracker (Third Party Advisory; VDB Entry)
- http://rhn.redhat.com/errata/RHSA-2015-1907.html
  RHSA-2015:1907 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)