Denial of service in Apache Qpid Dispatch Router
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-15699 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Apache Qpid Dispatch Router Hardware solutions / Routers for home users |
| Vendor | Apache Foundation |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Denial of service
EUVDB-ID: #VU10597
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-15699
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to improper processing of crafted Advanced
Message Queuing Protocol (AMQP) frames. A remote attacker who is able to establish an AMQP connection to a targeted device can send specially crafted AMQP frames, trigger a segmentation fault (segfault) condition and cause the device to shut down.
Update to version 0.8.1 or 1.0.0.
Apache Qpid Dispatch Router: 0.7.0 - 0.8.0
External linkshttp://issues.apache.org/jira/browse/DISPATCH-924
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
