CVE-2018-8030

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGH

EPSS

0.9%

top 24.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Qpid Broker-j Apache Software Foundation Apache Qpid Broker-j

Timeline

PublishedJun 20

Latest updateOct 16

Description

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5apache_software_foundation/apache_qpid_broker-j7.0.0, 7.0.1, 7.0.2, 7.0.3

▶Mavenorg.apache.qpid:apache-qpid-broker-j7.0.0 — 7.1.0

▶NVDapache/qpid_broker-j7.0.0 — 7.0.4

🔴Vulnerability Details

OSV

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents↗2018-10-16

▶

GHSA

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents↗2018-10-16

▶

CVEList

CVE-2018-8030: A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7↗2018-06-19

▶