Vulnerability in Apache Qpid
CVE-2012-2145
Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
EPSS: 0.071 (91.7th percentile) — read the EPSS interpretation.
Affected products
- Apache Qpid — versions 0.6, 0.7, 0.8
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_MISC)
- RHSA-2012:1277 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2012:1269 (x_refsource_REDHAT, vendor-advisory)
- 50699 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 50698 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- apache-qpid-broker-dos(78730) (vdb-entry, x_refsource_XF)
- 55608 (vdb-entry, x_refsource_BID)
- 50573 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_MISC)
- secalert@redhat.com (x_refsource_MISC)