CVE-2019-0200

CWE-20 — Improper Input Validation9 documents6 sources

Severity

7.5HIGH

EPSS

2.9%

top 13.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Qpid Broker-j Apache Software Foundation Apache Qpid Broker-j

Timeline

PublishedMar 6

Latest updateAug 9

Description

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 utilizing AMQP protocols 0-8, 0-9, 0-91, 0-10 must upgrade to Qpid Broker-J versions 7.0.7 or 7.1.1 or later.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5apache_software_foundation/apache_qpid_broker-jApache Qpid Broker-J 6.0.0 to 7.0.6 (inclusive), 7.1.0

▶Mavenorg.apache.qpid:apache-qpid-broker-j7.1.0 — 7.1.1+1

▶NVDapache/qpid_broker-j6.0.0 — 7.0.6+1

🔴Vulnerability Details

GHSA

Improper Input Validation in Apache Qpid Broker-J↗2019-03-07

▶

OSV

Improper Input Validation in Apache Qpid Broker-J↗2019-03-07

▶

CVEList

CVE-2019-0200: A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6↗2019-03-06

▶

📋Vendor Advisories

Red Hat

qpid-java: Malformed AMQP 0-8 to 0-10 commands resulting in a Denial of Service↗2019-03-01

▶

💬Community

Bugzilla

CVE-2019-1010189 mgetty: opening a specially crafted file leads to an infinite loop and DoS↗2019-08-09

▶

Bugzilla

CVE-2019-0200 qpid-java: Malformed AMQP 0-8 to 0-10 commands resulting in a Denial of Service↗2019-03-04

▶

Bugzilla

CVE-2019-0200 qpid-java: Malformed AMQP 0-8 to 0-10 commands resulting in a Denial of Service [fedora-all]↗2019-03-04

▶

Bugzilla

CVE-2019-3831 vdsm: privilege escalation to root via systemd_run↗2019-02-14

▶