The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier.
Conclusion & alert: CVE-2010-4265 is rated Low Risk (39.3/100): CVSS Low severity, with medium exploitation likelihood (EPSS 2.13%). Core evidence: EPSS rose +1.10% over the last day, indicating growing attacker interest. Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 1.03% | 2.13% | +1.10% |
| 2 | 2025-03-30 | 2.00% | 1.03% | -0.97% |
| 3 | 2025-03-29 | — | 2.00% | — |
Full EPSS history (7 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 2.6 | 2.0 | LOW |
|
4.9 | 2.9 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
redhat
|
low | — | https://access.redhat.com/security/cve/CVE-2010-4265 |
ubuntu
|
medium | CVE-2010-4265 medium priority: Ubuntu including 1 source packages (jbossas4), 22 status rows across 22 suites (artful, bionic, cosmic, dapper, hardy, karmic, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): ignored 11, DNE 10, not-affected 1. | https://ubuntu.com/security/CVE-2010-4265 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| redhat | jboss_remoting | 2.2.0 | cpe:2.3:a:redhat:jboss_remoting:2.2.0:*:*:*:*:*:*:* |
| redhat | jboss_remoting | 2.2.2 | cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp10:*:*:*:*:*:* |
| redhat | jboss_remoting | 2.2.2 | cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp11:*:*:*:*:*:* |
| redhat | jboss_remoting | 2.2.2 | cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp2:*:*:*:*:*:* |
| redhat | jboss_remoting | 2.2.2 | cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp4:*:*:*:*:*:* |
| redhat | jboss_remoting | 2.2.2 | cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp7:*:*:*:*:*:* |
| redhat | jboss_remoting | 2.2.2 | cpe:2.3:a:redhat:jboss_remoting:2.2.2:sp8:*:*:*:*:*:* |
| redhat | jboss_remoting | 2.2.3 | cpe:2.3:a:redhat:jboss_remoting:2.2.3:*:*:*:*:*:*:* |
| redhat | jboss_remoting | 2.2.3 | cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp1:*:*:*:*:*:* |
| redhat | jboss_remoting | 2.2.3 | cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp2:*:*:*:*:*:* |
| redhat | jboss_remoting | 2.2.3 | cpe:2.3:a:redhat:jboss_remoting:2.2.3:sp3:*:*:*:*:*:* |
| redhat | jboss_enterprise_application_platform | 4.3.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:* |
| redhat | jboss_enterprise_application_platform | 4.3.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:* |
| redhat | jboss_enterprise_application_platform | 4.3.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:* |
| redhat | jboss_enterprise_application_platform | 4.3.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:* |
| redhat | jboss_enterprise_application_platform | 4.3.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:* |
| redhat | jboss_enterprise_application_platform | 4.3.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:* |
| redhat | jboss_enterprise_application_platform | 4.3.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:* |
| redhat | jboss_enterprise_application_platform | 4.3.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp07:*:*:*:*:*:* |
| redhat | jboss_enterprise_application_platform | 4.3.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp08:*:*:*:*:*:* |
| redhat | jboss_enterprise_application_platform | 4.3.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp09:*:*:*:*:*:* |
| redhat | jboss_enterprise_application_platform | 5.1.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:* |
| redhat | jboss_enterprise_web_platform | 5.1.0 | cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.0:*:*:*:*:*:*:* |