[ 
https://issues.apache.org/jira/browse/DISPATCH-924?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ganesh Murthy resolved DISPATCH-924.
------------------------------------
    Resolution: Fixed

> [CVE-2017-15699] Denial of Service Vulnerability when specially crafted frame 
> is sent to the Router
> ---------------------------------------------------------------------------------------------------
>
>                 Key: DISPATCH-924
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-924
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Container
>    Affects Versions: 0.7.0, 0.8.0
>            Reporter: Ganesh Murthy
>            Assignee: Ganesh Murthy
>            Priority: Major
>             Fix For: 0.8.1, 1.0.0
>
>
> A Denial of Service vulnerability was found in Apache Qpid Dispatch Router 
> versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must 
> be able to establish an AMQP connection to the Qpid Dispatch Router and send 
> a specifically crafted AMQP frame which will cause it to segfault and shut 
> down. Any user who is able to connect to the Router may exploit the 
> vulnerability. If anonymous authentication is enabled then any remote user 
> with network access to the Router is a possible attacker. The number of 
> possible attackers is reduced if the Router is configured to require 
> authentication. Then an attacker needs to have authentic credentials which 
> are used to create a connection to the Router before proceeding to exploit 
> this vulnerability.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to