PT-2019-1573 · Apache · Apache Qpid Broker-J

Published

2019-01-17

Updated

2021-07-21

CVE-2019-0200

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Apache Qpid Broker-J versions 6.0.0 through 7.0.6 Apache Qpid Broker-J version 7.1.0

Description A Denial of Service issue was found in Apache Qpid Broker-J, allowing an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0, such as AMQP 0-8, 0-9, 0-91, and 0-10. The issue exists due to insufficient input validation.

Recommendations For Apache Qpid Broker-J versions 6.0.0 through 7.0.6, upgrade to Qpid Broker-J version 7.0.7 or later. For Apache Qpid Broker-J version 7.1.0, upgrade to Qpid Broker-J version 7.1.1 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2019-01104

CVE-2019-0200

GHSA-C9H6-XHG9-XXRV

Affected Products

Apache Qpid Broker-J

PT-2019-1573 · Apache · Apache Qpid Broker-J

CVE-2019-0200

Weakness Enumeration

Related Identifiers

Affected Products

References · 10