Denial of Service Vulnerability in Apache Qpid by Remote Attackers
CVE-2012-4458

Currently unrated

Key Information:

Vendor

Apache
Status
Qpid
Vendor
CVE Published:
14 March 2013

What is CVE-2012-4458?

The AMQP type decoder in Apache Qpid 0.20 and earlier is susceptible to a denial of service attack. By sending a significant number of zero width elements in the client-properties map within a 'connection.start-ok' message, remote attackers can trigger excessive memory consumption, potentially leading to server crashes. This vulnerability poses serious operational risks for any deployment of affected versions of Apache Qpid.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://bugzilla.redhat.com/show_bug.cgi?id=861234
x_refsource_MISC
https://issues.apache.org/jira/issues/?jql=fixVersion%20%...
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-0561.html
vendor-advisoryx_refsource_REDHAT

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.