Описание
A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and shut down.
Меры по смягчению последствий
To protect against this vulnerability, users need to ensure the interconnect route endpoints are protected by authentication. Please refer to official documentation on how to secure the endpoints: https://access.redhat.com/documentation/en-us/red_hat_jboss_amq/7.0/html-single/using_amq_interconnect/#security-1
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss A-MQ 6 | Interconnect | Out of support scope | ||
| Red Hat Satellite 6.3 for RHEL 7 | candlepin | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-bootloaders-redhat | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-discovery-image | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-installer | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-proxy | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-selinux | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | hiera | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | katello | Fixed | RHSA-2018:0336 | 21.02.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
6 Medium
CVSS3
Связанные уязвимости
A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and shut down.
A Denial of Service vulnerability was found in Apache Qpid Dispatch Ro ...
A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and shut down.
EPSS
6 Medium
CVSS3