Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-0224

Опубликовано: 27 янв. 2015
Источник: redhat
CVSS2: 2.9
EPSS Средний

Описание

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.

A flaw was found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set that could use this flaw to crash qpidd.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6qpid-cppWill not fix
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7qpid-cppWill not fix
MRG for RHEL-5 v. 2qpid-cpp-mrgFixedRHSA-2015:066209.03.2015
MRG for RHEL-6 v.3python-qpidFixedRHSA-2015:070719.03.2015
MRG for RHEL-6 v.3qpid-cppFixedRHSA-2015:070719.03.2015
MRG for RHEL-6 v.3qpid-qmfFixedRHSA-2015:070719.03.2015
MRG Messaging v.3 for RHEL-7libdbFixedRHSA-2015:070819.03.2015
MRG Messaging v.3 for RHEL-7python-qpidFixedRHSA-2015:070819.03.2015
MRG Messaging v.3 for RHEL-7qpid-cppFixedRHSA-2015:070819.03.2015
MRG Messaging v.3 for RHEL-7qpid-qmfFixedRHSA-2015:070819.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1186302qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix)

EPSS

Процентиль: 98%
0.57415
Средний

2.9 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-0224

CVSS3: 7.5
ubuntu
больше 8 лет назад

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.

nvd логотип

CVE-2015-0224

CVSS3: 7.5
nvd
больше 8 лет назад

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.

debian логотип

CVE-2015-0224

CVSS3: 7.5
debian
больше 8 лет назад

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause ...

github логотип

GHSA-qrxf-m4mx-cp67

CVSS3: 7.5
github
больше 3 лет назад

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.

EPSS

Процентиль: 98%
0.57415
Средний

2.9 Low

CVSS2