CVE-2017-15701

Name of the Vulnerable Software and Affected Versions Apache Qpid Broker-J versions 6.1.0 through 6.1.4

Description The issue arises from the broker's failure to properly enforce a maximum frame size in AMQP 1.0 frames, allowing a remote unauthenticated attacker to cause the broker to exhaust all available memory and eventually terminate. This issue does not affect older AMQP protocols.

Recommendations For Apache Qpid Broker-J versions 6.1.0 through 6.1.4, consider updating to a version that properly enforces a maximum frame size in AMQP 1.0 frames to prevent memory exhaustion. As a temporary workaround, consider restricting access to AMQP 1.0 frames until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.