{"containers": {"cna": {"affected": [{"product": "Apache Qpid Broker-J", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "6.1.0, 6.1.1, 6.1.2, 6.1.3, and 6.1.4"}]}], "datePublic": "2017-11-30T00:00:00", "descriptions": [{"lang": "en", "value": "In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected."}], "problemTypes": [{"descriptions": [{"description": "Apache Qpid Broker-J Denial of Service Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-02-20T19:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/jira/browse/QPID-7947"}, {"name": "[dev] 20171130 [SECURITY] [CVE-2017-15701] Apache Qpid Broker-J Denial of Service Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe%40%3Cdev.qpid.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://qpid.apache.org/cves/CVE-2017-15701.html"}, {"name": "102041", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102041"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-11-30T00:00:00", "ID": "CVE-2017-15701", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Qpid Broker-J", "version": {"version_data": [{"version_value": "6.1.0, 6.1.1, 6.1.2, 6.1.3, and 6.1.4"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Apache Qpid Broker-J Denial of Service Vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://issues.apache.org/jira/browse/QPID-7947", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/QPID-7947"}, {"name": "[dev] 20171130 [SECURITY] [CVE-2017-15701] Apache Qpid Broker-J Denial of Service Vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe@%3Cdev.qpid.apache.org%3E"}, {"name": "https://qpid.apache.org/cves/CVE-2017-15701.html", "refsource": "CONFIRM", "url": "https://qpid.apache.org/cves/CVE-2017-15701.html"}, {"name": "102041", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102041"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:04:48.539Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.apache.org/jira/browse/QPID-7947"}, {"name": "[dev] 20171130 [SECURITY] [CVE-2017-15701] Apache Qpid Broker-J Denial of Service Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe%40%3Cdev.qpid.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://qpid.apache.org/cves/CVE-2017-15701.html"}, {"name": "102041", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102041"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-15701", "datePublished": "2017-12-01T15:00:00Z", "dateReserved": "2017-10-21T00:00:00", "dateUpdated": "2024-09-16T16:28:48.395Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:qpid_broker-j:*:*:*:*:*:*:*:*", "matchCriteriaId": "84271735-DF9D-4AAF-B123-88403028D2A4", "versionEndIncluding": "6.1.4", "versionStartIncluding": "6.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected."}, {"lang": "es", "value": "En Apache Qpid Broker-J versiones 6.1.0 hasta 6.1.4 (inclusive), el broker no impone apropiadamente un tama\u00f1o m\u00e1ximo de trama en tramas AMQP versi\u00f3n 1.0. Un atacante remoto no autenticado podr\u00eda explotar esto para hacer que el broker agote toda la memoria disponible y finalmente termine. Los protocolos AMQP m\u00e1s antiguos no se ven afectados."}], "id": "CVE-2017-15701", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-01T15:29:00.213", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102041"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/QPID-7947"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe%40%3Cdev.qpid.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://qpid.apache.org/cves/CVE-2017-15701.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/QPID-7947"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe%40%3Cdev.qpid.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://qpid.apache.org/cves/CVE-2017-15701.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}