Vulnerability in Apache Qpid

CVE-2010-3083

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but n…

EPSS: 0.018 (83.1th percentile) — read the EPSS interpretation.

Affected products

Apache Qpid — versions 0.6, 0.5
Redhat Enterprise_mrg — versions 1.0, 1.0.1, 1.1.1
N/a — versions n/a

References

RHSA-2010:0756 (x_refsource_REDHAT, vendor-advisory, Patch, Vendor Advisory)
[oss-security] 20101007 qpidd SSL connection DoS (CVE-2010-3083) (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
41710 (x_refsource_SECUNIA, third-party-advisory)
RHSA-2010:0757 (x_refsource_REDHAT, vendor-advisory, Patch, Vendor Advisory)