CVE-2019-0200
Last modified
CVE-2019-0200 is a vulnerability of currently unknown severity. A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 utilizing AMQP protocols 0-8, 0-9, 0-91, 0-10 must upgrade to Qpid Broker-J versions 7.0.7 or 7.1.1 or later.. EPSS estimates a 3.82% chance of exploitation in the next 30 days.
Description
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 utilizing AMQP protocols 0-8, 0-9, 0-91, 0-10 must upgrade to Qpid Broker-J versions 7.0.7 or 7.1.1 or later.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Qpid Broker-J | >= 6.0.0, <= 7.0.6 |
| Apache | Qpid Broker-J | 7.1.0 |
References
- http://www.securityfocus.com/bid/107215Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/107215Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-0200?
How severe is CVE-2019-0200?
How do I fix CVE-2019-0200?
Are you affected by CVE-2019-0200?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST