CVE-2010-3862 [Low] | Input Validation Bypass in Jboss Remoting

The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-14	1.39%	1.68%	+0.29%
2	2025-03-30	2.57%	1.39%	-1.18%
3	2025-03-29	—	2.57%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-12-14

1.39%

1.68%

+0.29%

2025-03-30

2.57%

1.39%

-1.18%

2025-03-29

—

2.57%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
2.6	2.0	LOW	`AV:N/AC:H/Au:N/C:N/I:N/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:H) Exploitation requires uncommon or highly specific conditions. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:P) Partial availability impact.	4.9	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

2.6

2.0

LOW

AV:N/AC:H/Au:N/C:N/I:N/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:H): Exploitation requires uncommon or highly specific conditions.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:P): Partial availability impact.

4.9

2.9

[email protected]

OS Trackers for CVE-2010-3862

vendor	priority	summary	link
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2010-3862
`ubuntu`	medium	CVE-2010-3862 medium priority: Ubuntu including 1 source packages (jbossas4), 23 status rows across 23 suites (artful, bionic, cosmic, dapper, disco, hardy, karmic, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): DNE 11, ignored 11, needs-triage 1.	https://ubuntu.com/security/CVE-2010-3862

Affected software / configurations for CVE-2010-3862

Vendor	Product	Version	Raw CPE
redhat	jboss_remoting	2.2.0	cpe:2.3:a:redhat:jboss_remoting:2.2.0:::::::*
redhat	jboss_remoting	2.2.2	cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp10::::::
redhat	jboss_remoting	2.2.2	cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp11::::::
redhat	jboss_remoting	2.2.2	cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp2::::::
redhat	jboss_remoting	2.2.2	cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp4::::::
redhat	jboss_remoting	2.2.2	cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp7::::::
redhat	jboss_remoting	2.2.2	cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp8::::::
redhat	jboss_remoting	2.2.3	cpe:2.3:a:redhat:jboss_remoting:2.2.3:::::::*
redhat	jboss_remoting	2.2.3	cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp1::::::
redhat	jboss_remoting	2.2.3	cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp2::::::
redhat	jboss_remoting	2.2.3	cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp3::::::
redhat	jboss_enterprise_application_platform	4.3.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:::::::*
redhat	jboss_enterprise_application_platform	4.3.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01::::::
redhat	jboss_enterprise_application_platform	4.3.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02::::::
redhat	jboss_enterprise_application_platform	4.3.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03::::::
redhat	jboss_enterprise_application_platform	4.3.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04::::::
redhat	jboss_enterprise_application_platform	4.3.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05::::::
redhat	jboss_enterprise_application_platform	4.3.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06::::::
redhat	jboss_enterprise_application_platform	4.3.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp07::::::
redhat	jboss_enterprise_application_platform	4.3.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp08::::::
redhat	jboss_enterprise_application_platform	4.3.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp09::::::
redhat	jboss_enterprise_application_platform	5.1.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:::::::*
redhat	jboss_enterprise_web_platform	5.1.0	cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.0:::::::*

References for CVE-2010-3862

URL	Tags
http://securitytracker.com/id?1024813
http://www.redhat.com/support/errata/RHSA-2010-0937.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0938.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0939.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0959.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0960.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0961.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0962.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0963.html	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=641389	Patch
https://issues.jboss.org/browse/JBPAPP-5253
https://issues.jboss.org/browse/JBREM-1261

URL

CVE-2010-3862

Exploit prediction scoring system (EPSS) score for CVE-2010-3862

Common vulnerability scoring system (CVSS) metrics for CVE-2010-3862

Weakness enumeration for CVE-2010-3862

OS Trackers for CVE-2010-3862

Affected software / configurations for CVE-2010-3862

References for CVE-2010-3862