CVE-2017-15701
published 2017-12-01CVE-2017-15701: In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | qpid_broker-j | 6.1.0 – 6.1.4 | — |
| apache_software_foundation | apache_qpid_broker-j | — | — |