Lucene search

[email protected]NVD:CVE-2012-4458

HistoryMar 14, 2013 - 3:10 a.m.

CVE-2012-4458

2013-03-1403:10:23

CWE-189

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.6%

JSON

The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.

Affected configurations

NVD

Node

apacheqpidRange≤0.20

apacheqpidMatch0.5

apacheqpidMatch0.6

apacheqpidMatch0.7

apacheqpidMatch0.8

apacheqpidMatch0.9

apacheqpidMatch0.10

apacheqpidMatch0.11

apacheqpidMatch0.12

apacheqpidMatch0.13

apacheqpidMatch0.14

apacheqpidMatch0.15

apacheqpidMatch0.16

apacheqpidMatch0.17

apacheqpidMatch0.18

apacheqpidMatch0.19

References

rhn.redhat.com/errata/RHSA-2013-0561.html

rhn.redhat.com/errata/RHSA-2013-0562.html

secunia.com/advisories/52516

svn.apache.org/viewvc?view=revision&revision=1453031

bugzilla.redhat.com/show_bug.cgi?id=861234

issues.apache.org/jira/browse/QPID-4629

issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.6%

JSON

Related for NVD:CVE-2012-4458

ubuntucve1 veracode1 prion1 cvelist1 cve1 nessus2 redhat2