Moderate severityNVD Advisory· Published Mar 31, 2014· Updated Jun 17, 2026
CVE-2014-0086
CVE-2014-0086
Description
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.richfaces:richfacesMaven | >= 4.3.4, <= 4.3.5 | — |
org.richfaces:richfacesMaven | >= 5.0.0.Alpha1, < 5.0.0.Alpha3 | 5.0.0.Alpha3 |
Affected products
7- cpe:2.3:a:redhat:jboss_web_framework_kit:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:richfaces:4.3.4:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:redhat:richfaces:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:5.0.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:5.0.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:redhat:richfaces:5.0.0:alpha3:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
8- issues.jboss.org/browse/RF-13250nvdPatchWEB
- github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757nvdExploitPatchWEB
- secunia.com/advisories/57053nvdVendor Advisory
- github.com/advisories/GHSA-xfxv-f945-4qv6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-0086ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2014-0335.htmlnvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/richfaces/richfaces/commit/807bc411fba070f78c5193cc03d54ab8aa39c36dghsaWEB
News mentions
0No linked articles in our index yet.