CVE-2017-15701

HIGH

Apache Qpid Broker-J 6.1.0-6.1.4 - Unauthenticated Denial of Service via AMQP 1.0 Frame Size Exhaustion

Title source: llm

Description

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.

References (4)

Core 4

Core References

Issue Tracking, Vendor Advisory x_refsource_confirm

https://issues.apache.org/jira/browse/QPID-7947

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe%40%3Cdev.qpid.apache.org%3E

Mitigation, Vendor Advisory x_refsource_confirm

https://qpid.apache.org/cves/CVE-2017-15701.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/102041

Scores

CVSS v3 7.5

EPSS 0.0228

EPSS Percentile 84.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (3)

apache/qpid_broker-j 6.1.0 - 6.1.4

Apache Software Foundation/Apache Qpid Broker-J 6.1.0, 6.1.1, 6.1.2, 6.1.3, and 6.1.4

org.apache.qpid/qpid-broker 6.1.0 - 6.1.5Maven

Published Dec 01, 2017

Tracked Since Feb 18, 2026