PT-2010-4534 · Apache · Apache Qpid

Vincent Danen

Published

2010-10-12

Updated

2021-07-15

CVE-2010-3083

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Apache Qpid versions prior to 1.2.2

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon outage. This occurs when an attacker connects to the SSL port but does not participate in an SSL handshake. The estimated number of potentially affected devices and details about real-world incidents are not specified.

Recommendations For versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the SSL port to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2010-3083

RHSA-2010:0756

RHSA-2010:0757

Affected Products

Apache Qpid

PT-2010-4534 · Apache · Apache Qpid

CVE-2010-3083

Related Identifiers

Affected Products

References · 7