CVE-2012-2145

2012-09-2815:55:02

CWE-399

[email protected]

web.nvd.nist.gov

apache qpid

cve-2012-2145

denial of service

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.6%

JSON

Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.

Affected configurations

NVD

Node

apacheqpidRange≤0.17

apacheqpidMatch0.6

apacheqpidMatch0.7

apacheqpidMatch0.8

apacheqpidMatch0.9

apacheqpidMatch0.10

apacheqpidMatch0.12

apacheqpidMatch0.14

apacheqpidMatch0.16

CPENameOperatorVersion
apache:qpidapache qpidle0.17
apache:qpidapache qpideq0.6
apache:qpidapache qpideq0.7
apache:qpidapache qpideq0.8
apache:qpidapache qpideq0.9
apache:qpidapache qpideq0.10
apache:qpidapache qpideq0.12
apache:qpidapache qpideq0.14
apache:qpidapache qpideq0.16

CPE	Name	Operator	Version
apache:qpid	apache qpid	le	0.17
apache:qpid	apache qpid	eq	0.6
apache:qpid	apache qpid	eq	0.7
apache:qpid	apache qpid	eq	0.8
apache:qpid	apache qpid	eq	0.9
apache:qpid	apache qpid	eq	0.10
apache:qpid	apache qpid	eq	0.12
apache:qpid	apache qpid	eq	0.14
apache:qpid	apache qpid	eq	0.16