[ https://issues.apache.org/jira/browse/DISPATCH-924?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ganesh Murthy closed DISPATCH-924. ---------------------------------- > [CVE-2017-15699] Denial of Service Vulnerability when specially crafted frame > is sent to the Router > --------------------------------------------------------------------------------------------------- > > Key: DISPATCH-924 > URL: https://issues.apache.org/jira/browse/DISPATCH-924 > Project: Qpid Dispatch > Issue Type: Bug > Components: Container > Affects Versions: 0.7.0, 0.8.0 > Reporter: Ganesh Murthy > Assignee: Ganesh Murthy > Priority: Major > Fix For: 0.8.1, 1.0.0 > > > A Denial of Service vulnerability was found in Apache Qpid Dispatch Router > versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must > be able to establish an AMQP connection to the Qpid Dispatch Router and send > a specifically crafted AMQP frame which will cause it to segfault and shut > down. Any user who is able to connect to the Router may exploit the > vulnerability. If anonymous authentication is enabled then any remote user > with network access to the Router is a possible attacker. The number of > possible attackers is reduced if the Router is configured to require > authentication. Then an attacker needs to have authentic credentials which > are used to create a connection to the Router before proceeding to exploit > this vulnerability. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org