CVE-2018-8030

EPSS 0.91%
Published 20.06.2018 01:29:03
Last modified 21.11.2024 04:13:07
Source security@apache.org
Teams watchlist Login
Open Login

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Qpid Broker-j Version >= 7.0.0 <= 7.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.91%	0.736

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1041138

Third Party Advisory

VDB Entry

https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876%40%3Cusers.qpid.apache.org%3E

https://nvd.nist.gov/vuln/detail/CVE-2018-8030

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-8030

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-8030

EUVD