Description
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.
A flaw was found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | qpid-cpp | Will not fix | | |
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | qpid-cpp | Will not fix | | |
MRG for RHEL-5 v. 2 | qpid-cpp-mrg | Fixed | RHSA-2015:0662 | 09.03.2015 |
MRG for RHEL-6 v.3 | python-qpid | Fixed | RHSA-2015:0707 | 19.03.2015 |
MRG for RHEL-6 v.3 | qpid-cpp | Fixed | RHSA-2015:0707 | 19.03.2015 |
MRG for RHEL-6 v.3 | qpid-qmf | Fixed | RHSA-2015:0707 | 19.03.2015 |
MRG Messaging v.3 for RHEL-7 | libdb | Fixed | RHSA-2015:0708 | 19.03.2015 |
MRG Messaging v.3 for RHEL-7 | python-qpid | Fixed | RHSA-2015:0708 | 19.03.2015 |
MRG Messaging v.3 for RHEL-7 | qpid-cpp | Fixed | RHSA-2015:0708 | 19.03.2015 |
MRG Messaging v.3 for RHEL-7 | qpid-qmf | Fixed | RHSA-2015:0708 | 19.03.2015 |
Additional information
Status:
EPSS
CVSS2: 2.9 Low