CVE-2018-8030 - Vulnerability Details

Vendors	Products
Apache	Qpid Broker-j

Link	Providers
http://www.securitytracker.com/id/1041138
https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876%40%3Cusers.qpid.apache.org%3E

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Apache Qpid Broker-J", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "7.0.0, 7.0.1, 7.0.2, 7.0.3"}]}], "datePublic": "2018-06-18T00:00:00", "descriptions": [{"lang": "en", "value": "A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-20T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "1041138", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041138"}, {"name": "[qpid-users] 20180618 [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876%40%3Cusers.qpid.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-06-18T00:00:00", "ID": "CVE-2018-8030", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Qpid Broker-J", "version": {"version_data": [{"version_value": "7.0.0, 7.0.1, 7.0.2, 7.0.3"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service Vulnerability"}]}]}, "references": {"reference_data": [{"name": "1041138", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041138"}, {"name": "[qpid-users] 20180618 [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876@%3Cusers.qpid.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:46:13.362Z"}, "title": "CVE Program Container", "references": [{"name": "1041138", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041138"}, {"name": "[qpid-users] 20180618 [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876%40%3Cusers.qpid.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-8030", "datePublished": "2018-06-19T13:00:00Z", "dateReserved": "2018-03-09T00:00:00", "dateUpdated": "2024-09-16T19:41:52.432Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Apache Qpid Broker-J (string)

vendor : Apache Software Foundation (string)

versions : [ »

0 : { »

status : affected (string)

version : 7.0.0, 7.0.1, 7.0.2, 7.0.3 (string)

}

]

}

]

datePublic : 2018-06-18T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Denial of Service Vulnerability (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-06-20T09:57:01 (string)

orgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

shortName : apache (string)

}

references : [ »

0 : { »

name : 1041138 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1041138 (string)

}

1 : { »

name : [qpid-users] 20180618 [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876%40%3Cusers.qpid.apache.org%3E (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@apache.org (string)

DATE_PUBLIC : 2018-06-18T00:00:00 (string)

ID : CVE-2018-8030 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Apache Qpid Broker-J (string)

version : { »

version_data : [ »

0 : { »

version_value : 7.0.0, 7.0.1, 7.0.2, 7.0.3 (string)

}

]

}

]

}

vendor_name : Apache Software Foundation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Denial of Service Vulnerability (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 1041138 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1041138 (string)

}

1 : { »

name : [qpid-users] 20180618 [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages (string)

refsource : MLIST (string)

url : https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876@%3Cusers.qpid.apache.org%3E (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T06:46:13.362Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 1041138 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1041138 (string)

}

1 : { »

name : [qpid-users] 20180618 [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876%40%3Cusers.qpid.apache.org%3E (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

assignerShortName : apache (string)

cveId : CVE-2018-8030 (string)

datePublished : 2018-06-19T13:00:00Z (string)

dateReserved : 2018-03-09T00:00:00 (string)

dateUpdated : 2024-09-16T19:41:52.432Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:qpid_broker-j:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C6D75B3-9568-4841-A36D-9946CB41C79B", "versionEndIncluding": "7.0.4", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en Apache Qpid Broker-J desde la versi\u00f3n 7.0.0 hasta la 7.0.4 cuando los protocolos AMQP 0-8, 0-9 o 0-91 se emplean para publicar mensajes con un tama\u00f1o mayor que el l\u00edmite de tama\u00f1o de mensaje m\u00e1ximo permitido (100 MB por defecto). El broker se cierre inesperadamente debido a este defecto. Los protocolos AMQP 0-10 y 1.0 no se han visto afectados."}], "id": "CVE-2018-8030", "lastModified": "2024-11-21T04:13:07.823", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-20T01:29:03.977", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041138"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876%40%3Cusers.qpid.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876%40%3Cusers.qpid.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apache:qpid_broker-j:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0C6D75B3-9568-4841-A36D-9946CB41C79B (string)

versionEndIncluding : 7.0.4 (string)

versionStartIncluding : 7.0.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected. (string)

}

1 : { »

lang : es (string)

value : Se ha encontrado una vulnerabilidad de denegación de servicio (DoS) en Apache Qpid Broker-J desde la versión 7.0.0 hasta la 7.0.4 cuando los protocolos AMQP 0-8, 0-9 o 0-91 se emplean para publicar mensajes con un tamaño mayor que el límite de tamaño de mensaje máximo permitido (100 MB por defecto). El broker se cierre inesperadamente debido a este defecto. Los protocolos AMQP 0-10 y 1.0 no se han visto afectados. (string)

}

]

id : CVE-2018-8030 (string)

lastModified : 2024-11-21T04:13:07.823 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-06-20T01:29:03.977 (string)

references : [ »

0 : { »

source : security@apache.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1041138 (string)

}

1 : { »

source : security@apache.org (string)

url : https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876%40%3Cusers.qpid.apache.org%3E (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1041138 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876%40%3Cusers.qpid.apache.org%3E (string)

}

]

sourceIdentifier : security@apache.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object