CVE-2017-15701
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
01/12/2017
Last modified:
20/04/2025
Description
In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apache:qpid_broker-j:*:*:*:*:*:*:*:* | 6.1.0 (including) | 6.1.4 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/102041
- https://issues.apache.org/jira/browse/QPID-7947
- https://lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe%40%3Cdev.qpid.apache.org%3E
- https://qpid.apache.org/cves/CVE-2017-15701.html
- http://www.securityfocus.com/bid/102041
- https://issues.apache.org/jira/browse/QPID-7947
- https://lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe%40%3Cdev.qpid.apache.org%3E
- https://qpid.apache.org/cves/CVE-2017-15701.html