CVE-2015-0203

Impact: Moderate
Public Date: 2015-01-13
Bugzilla: 1181721: CVE-2015-0203 qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling

A flaw was found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd.

Find out more about CVE-2015-0203 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 2.9
Base Metrics: AV:A/AC:M/Au:N/C:N/I:N/A:P
Access Vector: Adjacent Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat MRG Messaging v.3 for RHEL-7 (qpid-cpp) | RHSA-2015:0708 | 2015-03-19 |
| Red Hat Satellite 6.1 - Optional | RHBA-2016:1500 | 2016-07-27 |
| Red Hat Satellite 6.2 | RHBA-2016:1500 | 2016-07-27 |
| Red Hat MRG Messaging v.2 for RHEL-7 (qpid-cpp) | RHSA-2015:0660 | 2015-03-09 |
| Red Hat MRG Grid Execute Node for RHEL 6 ComputeNode v.2 (qpid-cpp) | RHSA-2015:0661 | 2015-03-09 |
| Red Hat MRG Grid for RHEL 6 Server v.2 (qpid-cpp) | RHSA-2015:0661 | 2015-03-09 |
| Red Hat Satellite Capsule 6.2 | RHBA-2016:1500 | 2016-07-27 |
| MRG Grid for RHEL 5 Server v.2 (qpid-cpp-mrg) | RHSA-2015:0662 | 2015-03-09 |
| Red Hat MRG Messaging for RHEL 6 Server v.3 (qpid-cpp) | RHSA-2015:0707 | 2015-03-19 |
| Red Hat Satellite Capsule 6.1 | RHBA-2016:1500 | 2016-07-27 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Satellite 6 | qpid-cpp | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) | qpid-cpp | Will not fix |
| Red Hat Enterprise Linux 6 | qpid-cpp | Will not fix |

Acknowledgements

Red Hat would like to thank the Apache Software Foundation for reporting this issue. Upstream acknowledges G. Geshev from MWR Labs as the original reporter.
