Red Hat JBoss Enterprise Application Platform and JBoss Enterprise Web Platform contain a flaw that may allow a remote denial of service. The issue is triggered when the 'org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run' method in JBoss Remoting allows remote attackers to establish a bisocket control connection TCP session and then not send any application daa, resulting in a denial of service.

Upgrade JBoss Remoting to version 2.2.3.SP4 or 2.5.3.SP2 or higher, as it has been reported to fix this vulnerability. In addition, Red Hat has released patches for other affected products.

• Security Tracker: 1024813 1024840
• CVE ID: 2010-3862 (see also: NVD) 2010-4265 (see also: NVD)
• Secunia Advisory ID: 42398
• Vendor Specific News/Changelog Entry: https://bugzilla.redhat.com/show_bug.cgi?id=641389
  https://bugzilla.redhat.com/show_bug.cgi?id=660623
  https://issues.jboss.org/browse/JBREM-1261
• Other Advisory URL: https://issues.jboss.org/browse/JBPAPP-5253 [ Auth Req'd ]
• RedHat RHSA: RHSA-2010:0937 RHSA-2010:0938 RHSA-2010:0939 RHSA-2010:0959 RHSA-2010:0960 RHSA-2010:0961 RHSA-2010:0962 RHSA-2010:0963 RHSA-2010:0964 RHSA-2010:0965

• Not Available