Apache Qpid Broker-J AMQP 1.0 Frame Size Enforcement Vulnerability

Apache Qpid Broker-J AMQP 1.0 Frame Size Enforcement Vulnerability

CVE-2017-15701 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.

Learn more about our Cis Benchmark Audit For Apache Http Server.