CVE-2017-15701
N/A
N/A
Summary
In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Qpid Broker-J | 6.1.0, 6.1.1, 6.1.2, 6.1.3, and 6.1.4 | affected |
Weaknesses
- Apache Qpid Broker-J Denial of Service Vulnerability
ADP Enrichment
CVE Program Container
Additional References
- https://issues.apache.org/jira/browse/QPID-7947
- https://lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe%40%3Cdev.qpid.apache.org%3E
- https://qpid.apache.org/cves/CVE-2017-15701.html
- http://www.securityfocus.com/bid/102041
References
- https://issues.apache.org/jira/browse/QPID-7947
- https://lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe%40%3Cdev.qpid.apache.org%3E
- https://qpid.apache.org/cves/CVE-2017-15701.html
- http://www.securityfocus.com/bid/102041
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.