  1. Qpid Dispatch
  2. DISPATCH-924

[CVE-2017-15699] Denial of Service Vulnerability when specially crafted frame is sent to the Router


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.7.0, 0.8.0
    • Fix Version/s: 0.8.1, 1.0.0
    • Component/s: Container
    • Labels:
      None

      Description

      A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specially crafted AMQP frame, which causes the Router to segfault and shut down. Any user who is able to connect to the Router may exploit the vulnerability. If anonymous authentication is enabled, any remote user with network access to the Router is a possible attacker. The number of possible attackers is reduced if the Router is configured to require authentication: in that case an attacker needs valid credentials to create a connection to the Router before proceeding to exploit this vulnerability.
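
      The exposure reasoning above can be checked against a router configuration. The following is an added example, not code from the issue or from the Qpid project: it parses `listener` sections in qdrouterd.conf syntax and reports, for a version listed as affected here, which listeners any remote user can reach and which require credentials. The attribute names `authenticatePeer` and `saslMechanisms`, and the assumption that `authenticatePeer` defaults to `no`, come from the router's configuration format rather than from this page; the sample configuration is constructed.

```python
import re

# Releases listed as affected on this issue (fixed in 0.8.1 and 1.0.0).
AFFECTED_VERSIONS = {"0.7.0", "0.8.0"}

# Constructed sample in qdrouterd.conf syntax; the ports are made up.
SAMPLE_CONF = """
listener {
    port: 5672
    authenticatePeer: no
}
listener {
    port: 5671
    authenticatePeer: yes
    saslMechanisms: EXTERNAL PLAIN
}
listener {
    port: 5673
    authenticatePeer: yes
    saslMechanisms: ANONYMOUS PLAIN
}
"""

def parse_listeners(conf_text):
    """Return one dict of attributes per listener { ... } section."""
    listeners = []
    for body in re.findall(r"^\s*listener\s*\{(.*?)\}", conf_text, re.S | re.M):
        attrs = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop trailing comments
            if ":" in line:
                key, value = line.split(":", 1)
                attrs[key.strip()] = value.strip()
        listeners.append(attrs)
    return listeners

def allows_anonymous(listener):
    """True if a peer can open a connection without credentials."""
    # Assumption: authenticatePeer defaults to "no" when omitted.
    if listener.get("authenticatePeer", "no").lower() not in ("yes", "true"):
        return True
    return "ANONYMOUS" in listener.get("saslMechanisms", "").upper().split()

def exposure(version, conf_text):
    """Map listener port -> who can reach it, for versions listed as affected."""
    if version not in AFFECTED_VERSIONS:
        return {}
    return {l.get("port", "amqp"): "any remote user" if allows_anonymous(l)
            else "authenticated users" for l in parse_listeners(conf_text)}
```

      An empty result means only that the version is not one of those listed as affected on this issue.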

            People

            • Assignee:
              ganeshmurthy Ganesh Murthy
              Reporter:
              ganeshmurthy Ganesh Murthy