CVE-2015-0203

Name of the Vulnerable Software and Affected Versions Apache Qpid versions 0.30 and earlier

Description The issue allows remote authenticated users to cause a denial of service, resulting in a daemon crash. This can be achieved through an AMQP message with specific characteristics, including an invalid range in a sequence set, content-bearing methods other than message-transfer, or a session-gap control before a corresponding session-attach.

Recommendations For Apache Qpid versions 0.30 and earlier, consider restricting access to the qpidd broker to minimize the risk of exploitation until a fix is available. As a temporary workaround, monitor the daemon for crashes and restart it as necessary to maintain service availability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.