CVE-2018-1298

Severity
5.9 MEDIUM
EPSS
0.8%
top 26.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 9
Latest update: Oct 19

Description

A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in the functionality that authenticates connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when the PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows an unauthenticated attacker to crash the broker instance. AMQP 1.0 and HTTP connections are not affected. Authentication of incoming AMQP connections in Apache Qpid Broker-J is performed by special entities called "Authentication Providers". Each Authentication

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages: 3 packages

🔴Vulnerability Details

3
OSV
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j (2018-10-19)
GHSA
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j (2018-10-19)
CVEList
CVE-2018-1298: A Denial of Service vulnerability was found in Apache Qpid Broker-J 7 (2018-02-09)

📋Vendor Advisories

1
Red Hat
qpid-java: Incorrect implementation of some SASL mechanisms can allow a remote unauthenticated attacker to cause a denial of service (2017-11-21)

💬Community

2
Bugzilla
CVE-2018-1298 qpid-java: Incorrect implementation of some SASL mechanisms can allow a remote unauthenticated attacker to cause a denial of service [fedora-all] (2018-02-09)
Bugzilla
CVE-2018-1298 qpid-java: Incorrect implementation of some SASL mechanisms can allow a remote unauthenticated attacker to cause a denial of service (2018-02-09)