CVE-2018-1041
HIGH
jboss-remoting - Denial of Service via RemoteMessageChannel Infinite Loop
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-1041. PoCs published by Frank Spierings.
AI-analyzed exploit summary: This exploit sends four null bytes to trigger a denial of service in JBoss Remoting, causing CPU spikes on the target system. It leverages a vulnerability in JBoss EAP versions prior to 6.14.19.
Description
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
Exploits (1)
References (8)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H