CVE-2012-2145

CWE-399 | 6 documents | 5 sources
Severity
5.0 MEDIUM
EPSS
7.1%
top 8.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 28
Latest update: May 17

Description

Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD | apache/qpid | 0.17 | +8

🔴Vulnerability Details

2
GHSA
GHSA-f936-v965-g74r: Apache Qpid 0 | 2022-05-17
CVEList
CVE-2012-2145: Apache Qpid 0 | 2012-09-28

📋Vendor Advisories

1
Red Hat
qpid-cpp: not closing incomplete connections exhausts file descriptors, leading to DoS | 2012-04-24

💬Community

2
Bugzilla
CVE-2012-2145 qpid-cpp: not closing incomplete connections exhausts file descriptors, leading to DoS [fedora-all] | 2012-05-09
Bugzilla
CVE-2012-2145 qpid-cpp: not closing incomplete connections exhausts file descriptors, leading to DoS | 2012-04-27