CVE-2017-15701

Summary

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Qpid Broker-J6.1.0, 6.1.1, 6.1.2, 6.1.3, and 6.1.4affected

Weaknesses

  • Apache Qpid Broker-J Denial of Service Vulnerability

ADP Enrichment

CVE Program Container

Additional References

References