31 matches found
Denial Of Service (DoS)
virtualbox:sid is vulnerable to denial of service. A flaw was found in the way that qpidd handled incoming connections. If a client application were to send a large number of connections to qpidd, without terminating the connections with an incomplete handshake, qpidd would keep a file descriptor...
Denial Of Service (DoS)
qpid is vulnerable to denial of service. It was found that the AMQP type decoder in qpidd allowed arbitrary data types in certain messages. A remote attacker could use this flaw to send a message containing an excessively large amount of data, causing qpidd to allocate a large amount of memory an...
Design/Logic Flaw
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding...
CVE-2015-0203
CVE-2015-0203 affects the qpidd broker in Apache Qpid 0.30 and earlier. Root cause: mishandling of AMQP messages allows remote authenticated users to cause a denial of service (daemon crash) via (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3...
CVE-2015-0224
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203...
Red Hat 389 Administration Server Elevation of Privilege Vulnerability
Red Hat 389 Administration Server is an enterprise-class Linux directory server from Red Hat. The server fully supports the LDAPv3 specification and features scalability, multi-master replication, and more. A security vulnerability exists in Red Hat 389 Administration Server versions prior to...
qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix)
A flaw was found in the way the Qpid daemon qpidd processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd...
qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix)
A flaw was found in the way the Qpid daemon qpidd processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd...
qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling
A flaw was found in the way the Qpid daemon qpidd processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd...
qpid-cpp: anonymous access to qpidd cannot be prevented
It was discovered that the Qpid daemon qpidd did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed...
qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix)
A flaw was found in the way the Qpid daemon qpidd processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd...
qpid-cpp: anonymous access to qpidd cannot be prevented
It was discovered that the Qpid daemon qpidd did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed...
qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix)
A flaw was found in the way the Qpid daemon qpidd processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd...
qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling
A flaw was found in the way the Qpid daemon qpidd processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd...
qpid-cpp: anonymous access to qpidd cannot be prevented
It was discovered that the Qpid daemon qpidd did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed...
UBUNTU-CVE-2015-0223
Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling...
CVE-2015-0223
The vulnerability CVE-2015-0223 affects Apache Qpid 0.30 and earlier, where remote attackers could bypass qpidd access restrictions due to issues in 0-10 connection handling. Impact is unauthorized access risk without explicit exploit details provided; affected components are the qpidd broker in ...
CVE-2015-0224: qpidd can be crashed by unauthenticated user
Apache Software Foundation - Security Advisory qpidd can be crashed by unauthenticated user CVE-2015-0224 CVS: 7.8 Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Qpid's qpidd up to and including version 0.30 Description: In CVE-2015-0203 it was announced that...
CVE-2015-0203: Apache Qpid's qpidd can be crashed by authenticated user
Apache Software Foundation - Security Advisory Apache Qpid's qpidd can be crashed by authenticated user CVE-2015-0203 CVS: 5.2 Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Qpid's qpidd up to and including version 0.30 Description: Certain unexpected protocol...
CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests
Apache Software Foundation - Security Advisory Apache Qpid's qpidd can be induced to make http requests CVE-2014-3629 CVS: 3 Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Qpid's qpidd up to and including version 0.30, where xml exchange module is loaded Descriptio...