CVE-2015-0203

CWE-1912 documents6 sources

Severity

6.5MEDIUM

EPSS

17.0%

top 5.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Qpid

Timeline

PublishedFeb 21

Latest updateMay 14

Description

The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDapache/qpid0.30

🔴Vulnerability Details

GHSA

GHSA-2cpf-hgj9-5h23: The qpidd broker in Apache Qpid 0↗2022-05-14

▶

CVEList

CVE-2015-0203: The qpidd broker in Apache Qpid 0↗2018-02-21

▶

OSV

CVE-2015-0203: The qpidd broker in Apache Qpid 0↗2018-02-21

▶

📋Vendor Advisories

Red Hat

qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix)↗2015-01-27

▶

Red Hat

qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling↗2015-01-13

▶

💬Community

Bugzilla

CVE-2015-0203 qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling [epel-7]↗2017-07-17

▶

Bugzilla

CVE-2015-0203 qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling [fedora-all]↗2017-07-17

▶

Bugzilla

CVE-2015-0224 qpid-cpp: qpidd can be crashed by unauthenticated user (incomplete fix for CVE-2015-0203) [fedora-all]↗2015-01-27

▶

Bugzilla

CVE-2015-0224 qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix)↗2015-01-27

▶

Bugzilla

CVE-2015-0224 qpid-cpp: qpidd can be crashed by unauthenticated user (incomplete fix for CVE-2015-0203) [epel-7]↗2015-01-27

▶