[
https://issues.apache.org/jira/browse/DISPATCH-924?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ganesh Murthy closed DISPATCH-924.
----------------------------------
> [CVE-2017-15699] Denial of Service Vulnerability when specially crafted frame
> is sent to the Router
> ---------------------------------------------------------------------------------------------------
>
> Key: DISPATCH-924
> URL: https://issues.apache.org/jira/browse/DISPATCH-924
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Container
> Affects Versions: 0.7.0, 0.8.0
> Reporter: Ganesh Murthy
> Assignee: Ganesh Murthy
> Priority: Major
> Fix For: 0.8.1, 1.0.0
>
>
> A Denial of Service vulnerability was found in Apache Qpid Dispatch Router
> versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must
> be able to establish an AMQP connection to the Qpid Dispatch Router and send
> a specifically crafted AMQP frame which will cause it to segfault and shut
> down. Any user who is able to connect to the Router may exploit the
> vulnerability. If anonymous authentication is enabled then any remote user
> with network access to the Router is a possible attacker. The number of
> possible attackers is reduced if the Router is configured to require
> authentication. Then an attacker needs to have authentic credentials which
> are used to create a connection to the Router before proceeding to exploit
> this vulnerability.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
