VYPR
Moderate severity · NVD Advisory · Published Mar 31, 2014 · Updated May 6, 2026

CVE-2014-0086

Description

The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
org.richfaces:richfaces (Maven) | >= 4.3.4, <= 4.3.5 |
org.richfaces:richfaces (Maven) | >= 5.0.0.Alpha1, < 5.0.0.Alpha3 | 5.0.0.Alpha3

Affected products

6
  • cpe:2.3:a:redhat:jboss_web_framework_kit:2.5.0:*:*:*:*:*:*:*
  • Red Hat/Richfaces (5 versions)
    • cpe:2.3:a:redhat:richfaces:4.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:richfaces:4.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:richfaces:5.0.0:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:redhat:richfaces:5.0.0:alpha2:*:*:*:*:*:*
    • cpe:2.3:a:redhat:richfaces:5.0.0:alpha3:*:*:*:*:*:*

Patches

2
8131f15003f5

RF-13250: applying patch

https://github.com/pslegr/core-1 · pslegr · Feb 24, 2014 · via ghsa
1 file changed · +2 -2
  • impl/src/main/java/org/richfaces/webapp/PushHandlerFilter.java · +2 -2 · modified
    @@ -78,8 +78,6 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
                 HttpServletResponse httpResp = (HttpServletResponse) response;
     
                 if ("GET".equals(httpReq.getMethod())) {
    -                Meteor meteor = Meteor.build(httpReq, SCOPE.REQUEST, Collections.<BroadcastFilter>emptyList(), null);
    -
                     String pushSessionId = httpReq.getParameter(PUSH_SESSION_ID_PARAM);
     
                     Session session = null;
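
Review bot: With the `Meteor.build(...)` line deleted from the top of the `GET` branch, `pushSessionId` is now read before any Meteor exists, but the commit changes one file only and adds no test that pins this ordering. A regression test that sends a GET with a missing or unknown push session id and asserts that `Meteor.build` is never reached would keep a later refactor from moving the allocation back above the session handling (that handling lies between the two hunks and is not shown here).
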
    @@ -100,6 +98,8 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
     
                     httpResp.setContentType("text/plain");
     
    +                Meteor meteor = Meteor.build(httpReq, SCOPE.REQUEST, Collections.<BroadcastFilter>emptyList(), null);
    +
                     try {
                         Request pushRequest = new RequestImpl(meteor, session);
     
    
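
Review bot: The re-added `Meteor meteor = Meteor.build(...)` line just before `try {` has no comment saying why it must sit this late in `doFilter`, after `httpResp.setContentType("text/plain")`. A one-line comment at that spot, for example "build the Meteor only after the session handling above (RF-13250)", would record that the position is deliberate and not incidental.
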
807bc411fba0

RF-13250: postpone Meteor object instantiation

https://github.com/richfaces/richfaces · pslegr · Feb 24, 2014 · via ghsa
1 file changed · +2 -1
  • framework/src/main/java/org/richfaces/servlet/PushHandlerFilter.java · +2 -1 · modified
    @@ -78,7 +78,6 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
                 HttpServletResponse httpResp = (HttpServletResponse) response;
     
                 if ("GET".equals(httpReq.getMethod())) {
    -                Meteor meteor = Meteor.build(httpReq, SCOPE.REQUEST, Collections.<BroadcastFilter>emptyList(), null);
     
                     String pushSessionId = httpReq.getParameter(PUSH_SESSION_ID_PARAM);
     
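
Review bot: Only the `Meteor.build(...)` line is deleted after `if ("GET".equals(httpReq.getMethod())) {`, so the whitespace-only line that followed it stays and the block now opens with a blank line. Remove that line too, so the `if` is followed directly by `String pushSessionId = httpReq.getParameter(PUSH_SESSION_ID_PARAM);`.
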
    @@ -100,6 +99,8 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
     
                     httpResp.setContentType("text/plain");
     
    +                Meteor meteor = Meteor.build(httpReq, SCOPE.REQUEST, Collections.<BroadcastFilter>emptyList(), null);
    +
                     try {
                         Request pushRequest = new RequestImpl(meteor, session);
     
    
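
Review bot: `Meteor.build(...)` is added on the line before `try {`, so an exception thrown while building the Meteor bypasses whatever handling that `try` block provides for `new RequestImpl(meteor, session)`. Consider making it the first statement inside the `try`; if a failed build is meant to fail the request outright, a short comment saying so would help.
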
