Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-4458
Last Modified: 19 Mar 2013 12:49:55
Published: 13 Mar 2013 11:10:23
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-4458

Summary

The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.

Vulnerable Systems

Application

  • Apache Qpid 0.10

  • Apache Qpid 0.11

  • Apache Qpid 0.12

  • Apache Qpid 0.13

  • Apache Qpid 0.14

  • Apache Qpid 0.15

  • Apache Qpid 0.16

  • Apache Qpid 0.17

  • Apache Qpid 0.18

  • Apache Qpid 0.19

  • Apache Qpid 0.20

  • Apache Qpid 0.5

  • Apache Qpid 0.6

  • Apache Qpid 0.7

  • Apache Qpid 0.8

  • Apache Qpid 0.9


References

CONFIRM - https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID

CONFIRM - https://issues.apache.org/jira/browse/QPID-4629

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=861234

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1453031

SECUNIA - 52516

REDHAT - RHSA-2013:0562

REDHAT - RHSA-2013:0561


Last Updated: 27 May 2016 11:02:04