Denial Of Service (DoS)

2020-04-1000:48:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.007 Low

EPSS

Percentile

81.0%

JSON

Red Hat Enterprise MRG (Messaging, Realtime and Grid) is vulnerable to Denial Of Service (DoS). Due to a flaw in the way SSL connections to the MRG Messaging broker were handled, a connection (from a user or client application) to the broker’s SSL port would prevent the broker from responding to any other connections on that port, until the first connection’s SSL handshake completed or failed. A remote user could use this flaw to block connections from legitimate clients. Note that this issue only affected connections to the SSL port. The broker does not listen for SSL connections by default.

CPENameOperatorVersion
rhmeq0.2.2518__1.el4
rhmeq0.4.3038__1.el4
rhmeq0.5.3206__27.el5
rhmeq0.5.3206__8.el4
rhmeq0.2.2518__2.el5
rhmeq0.5.3206__9.el5
rhmeq0.5.3206__27.el4
rhmeq0.5.3206__2.el4
rhmeq0.5.3206__1.el5
rhmeq0.4.3038__1.el5

Name	Operator	Version
rhm	eq	0.2.2518__1.el4
rhm	eq	0.4.3038__1.el4
rhm	eq	0.5.3206__27.el5
rhm	eq	0.5.3206__8.el4
rhm	eq	0.2.2518__2.el5
rhm	eq	0.5.3206__9.el5
rhm	eq	0.5.3206__27.el4
rhm	eq	0.5.3206__2.el4
rhm	eq	0.5.3206__1.el5
rhm	eq	0.4.3038__1.el5