Denial of Service Vulnerability in Apache Qpid Broker-J Versions 6.1.0 to 6.1.4
CVE-2017-15701

7.5HIGH

Key Information:

Vendor
Apache
Status
Apache Qpid Broker-j
Vendor
CVE Published:
1 December 2017

Summary

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4, a vulnerability exists that allows a remote unauthenticated attacker to exploit the broker's failure to enforce a maximum frame size in AMQP 1.0 frames. By sending specially crafted requests, an attacker can cause the server to exhaust its available memory, leading to a denial of service condition as the broker terminates unexpectedly. Older versions using different AMQP protocols are not impacted by this issue. This vulnerability emphasizes the importance of validating inputs to prevent potential resource exhaustion attacks.

Affected Version(s)

Apache Qpid Broker-J 6.1.0, 6.1.1, 6.1.2, 6.1.3, and 6.1.4

References

https://issues.apache.org/jira/browse/QPID-7947
x_refsource_CONFIRM
https://lists.apache.org/thread.html/4054e1c90993f337eeea...
mailing-listx_refsource_MLIST
https://qpid.apache.org/cves/CVE-2017-15701.html
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.