CVE-2009-5006

Name of the Vulnerable Software and Affected Versions Apache Qpid versions prior to 0.6 Red Hat Enterprise MRG versions prior to 1.3

Description The issue allows remote authenticated users to cause a denial of service, resulting in a NULL pointer dereference, daemon crash, and cluster outage. This occurs when attempting to modify the alternate of an exchange, specifically through the SessionAdapter::ExchangeHandlerImpl::checkAlternate function in the C++ Broker component.

Recommendations For Apache Qpid versions prior to 0.6, update to version 0.6 or later to resolve the issue. For Red Hat Enterprise MRG versions prior to 1.3, update to version 1.3 or later to resolve the issue.