Denial of Service Vulnerability in JBoss Web with Crafted UTF-8 and Surrogate Pair Character

Denial of Service Vulnerability in JBoss Web with Crafted UTF-8 and Surrogate Pair Character

CVE-2011-4610 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a "surrogate pair character" that is "at the boundary of an internal buffer."

Learn more about our Web App Pen Testing.