Denial of Service Vulnerability in Apache Qpid by The Apache Software Foundation
CVE-2012-2145

Currently unrated

Key Information:

Vendor: Apache
Status: Qpid
Vendor: CVE Published:; 28 September 2012

Summary

Apache Qpid versions 0.17 and earlier are susceptible to a denial of service vulnerability due to inadequate restrictions on incoming client connections. This allows remote attackers to exploit the flaw by establishing an excessive number of incomplete connections, ultimately leading to file descriptor exhaustion and service disruption. To mitigate this risk, it is essential to implement connection limits and apply appropriate patches or upgrades provided by the vendor.

References

https://issues.apache.org/jira/browse/QPID-4021

x_refsource_MISC

http://rhn.redhat.com/errata/RHSA-2012-1277.html

vendor-advisoryx_refsource_REDHAT

http://rhn.redhat.com/errata/RHSA-2012-1269.html

vendor-advisoryx_refsource_REDHAT

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 28, 2012
Vulnerability Reserved
Apr 4, 2012