CVE-2009-5006 — Apache Qpid vulnerability

5 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.5%

top 35.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Qpid Redhat Enterprise MRG

Timeline

PublishedOct 18

Latest updateMay 2

Description

The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDapache/qpid0.5

▶NVDredhat/enterprise_mrg1.2.2+7

Patches

Patch: svn.apache.org ↗Patch: issues.apache.org ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-8wmw-6vpm-257g: The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter↗2022-05-02

▶

CVEList

CVE-2009-5006: The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter↗2010-10-18

▶

📋Vendor Advisories

Red Hat

qpid: crash when redeclaring the exchange with specified alternate_exchange↗2009-08-16

▶

💬Community

Bugzilla

CVE-2009-5006 qpid: crash when redeclaring the exchange with specified alternate_exchange↗2010-10-12

▶