CVE-2010-3083

2010-10-1221:00:02

[email protected]

web.nvd.nist.gov

cve-2010-3083

apache qpid

red hat enterprise mrg

ssl

denial of service

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

81.0%

JSON

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.

Affected configurations

NVD

Node

apacheqpidMatch0.5

apacheqpidMatch0.6

AND

redhatenterprise_mrgRange≤1.2

redhatenterprise_mrgMatch1.0

redhatenterprise_mrgMatch1.0.1

redhatenterprise_mrgMatch1.0.2

redhatenterprise_mrgMatch1.0.3

redhatenterprise_mrgMatch1.1.1

redhatenterprise_mrgMatch1.1.2

CPENameOperatorVersion
apache:qpidapache qpideq0.5
apache:qpidapache qpideq0.6
redhat:enterprise_mrgredhat enterprise mrgle1.2
redhat:enterprise_mrgredhat enterprise mrgeq1.0
redhat:enterprise_mrgredhat enterprise mrgeq1.0.1
redhat:enterprise_mrgredhat enterprise mrgeq1.0.2
redhat:enterprise_mrgredhat enterprise mrgeq1.0.3
redhat:enterprise_mrgredhat enterprise mrgeq1.1.1
redhat:enterprise_mrgredhat enterprise mrgeq1.1.2

CPE	Name	Operator	Version
apache:qpid	apache qpid	eq	0.5
apache:qpid	apache qpid	eq	0.6
redhat:enterprise_mrg	redhat enterprise mrg	le	1.2
redhat:enterprise_mrg	redhat enterprise mrg	eq	1.0
redhat:enterprise_mrg	redhat enterprise mrg	eq	1.0.1
redhat:enterprise_mrg	redhat enterprise mrg	eq	1.0.2
redhat:enterprise_mrg	redhat enterprise mrg	eq	1.0.3
redhat:enterprise_mrg	redhat enterprise mrg	eq	1.1.1
redhat:enterprise_mrg	redhat enterprise mrg	eq	1.1.2