4

CVE-2009-5006

The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheQpid Version <= 0.5
RedhatEnterprise Mrg Version <= 1.2.2
RedhatEnterprise Mrg Version1.0
RedhatEnterprise Mrg Version1.0.1
RedhatEnterprise Mrg Version1.0.2
RedhatEnterprise Mrg Version1.0.3
RedhatEnterprise Mrg Version1.1.1
RedhatEnterprise Mrg Version1.1.2
RedhatEnterprise Mrg Version1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.09% 0.894
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/41710
Vendor Advisory
http://secunia.com/advisories/41812
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2684
Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2010-0773.html
Patch
Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2010-0774.html
Patch
Vendor Advisory
http://svn.apache.org/viewvc?revision=811188&view=revision
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=642377
https://issues.apache.org/jira/browse/QPID-2080
Patch