Apache Qpid incomplete repair of Multiple Denial of Service Vulnerabilities (CVE-2015-0224)
Release date:
Updated on:
Affected Systems:
Apache Group Qpid <= 0.30
Description:
Bugtraq id: 72317
CVE (CAN) ID: CVE-2015-0224
Apache Qpid (Open Source AMQP Messaging) is a cross-platform enterprise communication solution that implements the Advanced Message Queue Protocol.
Due to invalid checks in versions earlier than Apache Qpid 0.31, some unexpected protocol sequences can cause the proxy process to crash. This vulnerability occurs because a single range in the sequence sent by an attacker exceeds the maximum value.
<* Source: G. gesev
Link: http://www.securityfocus.com/archive/1/534545
*>
Suggestion:
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://issues.apache.org/jira/browse/QPID-6310
Https://issues.apache.org/jira/secure/attachment/12694234/QPID-6310.additional.patch
Https://issues.apache.org/jira/secure/attachment/12694235/QPID-6310.consolidated.patch
Https://issues.apache.org/jira/secure/attachment/12691920/QPID-6310.patch
Introduction to message-oriented middleware Apache Qpid
Qpid details: click here
Qpid: click here
This article permanently updates the link address: