[SECURITY] CVE-2017-15699: Apache Qpid Dispatch Router Denial of Service Vulnerability when specially crafted frame is sent to the Router

CVE-2017-15699: Apache Qpid Dispatch Router Denial of Service
Vulnerability when specially crafted frame is sent to the Router
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Versions 0.7.0 and 0.8.0
Description: A Denial of Service vulnerability was found in Apache
Qpid Dispatch Router 0.7.0 and 0.8.0. To exploit this vulnerability, a
remote user must be able to establish an AMQP connection to the Qpid
Dispatch Router and send a specifically crafted AMQP frame which will
cause it to segfault and shut down.
Resolution:
Users of Qpid Dispatch Router versions 0.7.0 and 0.8.0 must upgrade to
version 0.8.1 or 1.0.0 and later.
Mitigation:
Any user who is able to connect to the Router may exploit the
vulnerability. If anonymous authentication is enabled then any remote
user with network access to the Router is a possible attacker. The number
of possible attackers is reduced if the Router is configured to
require authentication. Then an attacker needs to have authentic
credentials which are used to create a connection to the Router before
proceeding to exploit this vulnerability.
[1] - https://issues.apache.org/jira/browse/DISPATCH-924
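
To check a deployment against the Resolution and Mitigation text above, the following added example (not part of the Apache advisory or the Qpid project's code) parses a classic block-style qdrouterd.conf and reports which listeners accept peers without authentication. It assumes the listener attribute authenticatePeer with a default of "no" when the line is absent; the sample configuration is constructed.

```python
import re

AFFECTED = {"0.7.0", "0.8.0"}  # versions named in the advisory

# Constructed sample configuration, not from a real deployment.
SAMPLE_CONF = """\
router {
    mode: standalone
}
listener {
    host: 0.0.0.0
    port: 5672
    authenticatePeer: no
    saslMechanisms: ANONYMOUS
}
listener {
    host: 127.0.0.1
    port: 5671
    authenticatePeer: yes
    saslMechanisms: PLAIN
}
listener {
    host: 10.0.0.5   # no authenticatePeer line: treated as not required
    port: 5673
}
"""

def parse_blocks(text):
    """Yield (entity, attrs) for each 'entity { key: value ... }' block."""
    text = re.sub(r"#.*", "", text)  # strip comments
    for entity, body in re.findall(r"(\w+)\s*\{([^}]*)\}", text):
        pairs = (line.partition(":") for line in body.splitlines())
        yield entity, {k.strip(): v.strip() for k, _, v in pairs if v.strip()}

def open_listeners(text):
    """Return (host, port) of listeners that accept unauthenticated peers."""
    return [(a.get("host", ""), a.get("port", ""))
            for entity, a in parse_blocks(text)
            if entity == "listener"
            and a.get("authenticatePeer", "no").lower() not in ("yes", "true")]

def exposure(version, conf_text):
    """Classify a router per the advisory's Resolution and Mitigation text."""
    if version not in AFFECTED:
        return "not affected"
    if open_listeners(conf_text):
        return "affected: reachable without credentials"
    return "affected: reachable by authenticated users only"

if __name__ == "__main__":
    print(exposure("0.8.0", SAMPLE_CONF), open_listeners(SAMPLE_CONF))
```

Requiring authentication only narrows who can reach the flaw; an affected version still needs the upgrade named under Resolution.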

Source: Apache

2018-02-13 21:09:57