CVE-2009-5006
Apache Qpid < 0.6 - Authenticated Denial of Service via Exchange Alternate Modification
Title source: llmDescription
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
References (8)
Core 8
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2010-0774.html
Patch x_refsource_confirm
http://svn.apache.org/viewvc?revision=811188&view=revision
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2684
Patch x_refsource_confirm
https://issues.apache.org/jira/browse/QPID-2080
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=642377
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41812
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41710
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2010-0773.html
Scores
EPSS
0.0409
EPSS Percentile
89.6%
Details
Status
published
Products (9)
apache/qpid
< 0.5
redhat/enterprise_mrg
1.0
redhat/enterprise_mrg
1.0.1
redhat/enterprise_mrg
1.0.2
redhat/enterprise_mrg
1.0.3
redhat/enterprise_mrg
1.1.1
redhat/enterprise_mrg
1.1.2
redhat/enterprise_mrg
1.2
redhat/enterprise_mrg
< 1.2.2
Published
Oct 18, 2010
Tracked Since
Feb 18, 2026