CVE-2019-0200

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Qpid Broker-j
Vendor: CVE Published:; 6 March 2019

Summary

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 utilizing AMQP protocols 0-8, 0-9, 0-91, 0-10 must upgrade to Qpid Broker-J versions 7.0.7 or 7.1.1 or later.

Affected Version(s)

Apache Qpid Broker-J Apache Qpid Broker-J 6.0.0 to 7.0.6 (inclusive), 7.1.0

References

https://lists.apache.org/thread.html/ac79d48de37d42b64da5...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/107215

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 6, 2019
Vulnerability Reserved
Nov 14, 2018