CVE-2017-15701

Опубликовано: 01 дек. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.

Ссылки

http://www.securityfocus.com/bid/102041
Third Party Advisory
VDB Entry
https://issues.apache.org/jira/browse/QPID-7947
Issue Tracking
Vendor Advisory
https://lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe%40%3Cdev.qpid.apache.org%3E
https://qpid.apache.org/cves/CVE-2017-15701.html
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/102041
Third Party Advisory
VDB Entry
https://issues.apache.org/jira/browse/QPID-7947
Issue Tracking
Vendor Advisory
https://lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe%40%3Cdev.qpid.apache.org%3E
https://qpid.apache.org/cves/CVE-2017-15701.html
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:qpid_broker-j:*:*:*:*:*:*:*:*

Версия от 6.1.0 (включая) до 6.1.4 (включая)

EPSS

Процентиль: 84%

0.02276

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

CVE-2017-15701

CVSS3: 7.5

debian

около 8 лет назад

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the b ...

GHSA-4r7g-7cpj-5jr7

CVSS3: 7.5

github

больше 7 лет назад

Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption

EPSS

Процентиль: 84%

0.02276

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400