CVE-2015-0203

Advisory lineage Upstream: 0 Downstream: 7

Downstream

RHBA-2016:1500 RHSA-2015:0660 RHSA-2015:0661 RHSA-2015:0662 RHSA-2015:0707 RHSA-2015:0708

Modified

Published: 21 Feb 2018, 15:00

Last modified:06 Aug 2024, 04:03

Vulnerability Summary

Overall Risk (default)

medium

29/100

CVSS Score

6.5 MEDIUM

v3.0 (nvd)

EPSS Score

16.99% MEDIUM

17% probability -0.11%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Feb 2018, 15:00

Published

Vulnerability first disclosed

06 Aug 2024, 04:03

Last Modified

Vulnerability information updated

Description

The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.

CVSS Metrics

v3.0•MEDIUM•Score: 6.5CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 16.99%• Percentile: 95%

Techniques & Countermeasures

CWE-19•Data Processing Errors
Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.

Affected Systems

apache•qpid
≤ 0.30