Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2145

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-2145
Last Modified 21 Mar 2013 11:10:06
Published 28 Sep 2012 11:55:02
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2145

Summary

Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.

Vulnerable Systems

Application

  • Apache Qpid 0.10

  • Apache Qpid 0.11

  • Apache Qpid 0.12

  • Apache Qpid 0.13

  • Apache Qpid 0.14

  • Apache Qpid 0.15

  • Apache Qpid 0.16

  • Apache Qpid 0.17

  • Apache Qpid 0.6

  • Apache Qpid 0.7

  • Apache Qpid 0.8

  • Apache Qpid 0.9


References

MISC - https://issues.apache.org/jira/browse/QPID-4021

MISC - https://issues.apache.org/jira/browse/QPID-2616

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=817175

BID - 55608

SECUNIA - 50699

SECUNIA - 50698

SECUNIA - 50573

REDHAT - RHSA-2012:1277

REDHAT - RHSA-2012:1269

XF - apache-qpid-broker-dos(78730)


Last Updated: 27 May 2016 11:00:50