What is CVE-2014-0086?

CVE-2014-0086 is a vulnerability in Redhat Jboss_web_framework_kit, classified under Improper Input Validation. Published 2014-03-31.

Is CVE-2014-0086 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Redhat Jboss_web_framework_kit

CVE-2014-0086

The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere pu…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.006 (71.0th percentile) — read the EPSS interpretation.

Affected products

Redhat Jboss_web_framework_kit — versions 2.5.0
Redhat Richfaces — versions 4.3.4, 4.3.5, 5.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

RHSA-2014:0335 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
57053 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2014-0086?: CVE-2014-0086 is a vulnerability in Redhat Jboss_web_framework_kit, classified under Improper Input Validation. Published 2014-03-31.
Is CVE-2014-0086 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.