CVE Vulnerabilities

CVE-2012-4458

Published: Mar 14, 2013 | Modified: Mar 19, 2013
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P)
RedHat/V2: 5 MODERATE (AV:N/AC:L/Au:N/C:N/I:N/A:P)
RedHat/V3:
Ubuntu: MEDIUM

The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qpid | Apache | * | 0.20 (including) |
| Qpid | Apache | 0.5 (including) | 0.5 (including) |
| Qpid | Apache | 0.6 (including) | 0.6 (including) |
| Qpid | Apache | 0.7 (including) | 0.7 (including) |
| Qpid | Apache | 0.8 (including) | 0.8 (including) |
| Qpid | Apache | 0.9 (including) | 0.9 (including) |
| Qpid | Apache | 0.10 (including) | 0.10 (including) |
| Qpid | Apache | 0.11 (including) | 0.11 (including) |
| Qpid | Apache | 0.12 (including) | 0.12 (including) |
| Qpid | Apache | 0.13 (including) | 0.13 (including) |
| Qpid | Apache | 0.14 (including) | 0.14 (including) |
| Qpid | Apache | 0.15 (including) | 0.15 (including) |
| Qpid | Apache | 0.16 (including) | 0.16 (including) |
| Qpid | Apache | 0.17 (including) | 0.17 (including) |
| Qpid | Apache | 0.18 (including) | 0.18 (including) |
| Qpid | Apache | 0.19 (including) | 0.19 (including) |
| MRG for RHEL-5 v. 2 | RedHat | cumin-messaging-0:0.1.1-2.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | mrg-release-0:2.3.0-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | python-qpid-0:0.18-4.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-cpp-mrg-0:0.18-14.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-java-0:0.18-7.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-jca-0:0.18-8.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-qmf-0:0.18-15.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-tests-0:0.18-2.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-tools-0:0.18-8.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | rhm-docs-0:0.18-2.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | saslwrapper-0:0.18-1.el5 | * |
| Red Hat Enterprise MRG 2 | RedHat | cumin-messaging-0:0.1.1-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | mrg-release-0:2.3.0-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | python-qpid-0:0.18-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-cpp-0:0.18-14.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-java-0:0.18-7.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-jca-0:0.18-8.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-qmf-0:0.18-15.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-tests-0:0.18-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-tools-0:0.18-8.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rhm-docs-0:0.18-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rake-0:0.8.7-2.1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygems-0:1.8.16-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | saslwrapper-0:0.18-1.el6_3 | * |
| Red Hat Enterprise MRG 2 | RedHat | xerces-c-0:3.0.1-20.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | xqilla-0:2.2.3-8.el6 | * |
| Qpid-cpp | Ubuntu | artful | * |
| Qpid-cpp | Ubuntu | esm-apps/xenial | * |
| Qpid-cpp | Ubuntu | precise | * |
| Qpid-cpp | Ubuntu | quantal | * |
| Qpid-cpp | Ubuntu | raring | * |
| Qpid-cpp | Ubuntu | saucy | * |
| Qpid-cpp | Ubuntu | trusty | * |
| Qpid-cpp | Ubuntu | upstream | * |
| Qpid-cpp | Ubuntu | utopic | * |
| Qpid-cpp | Ubuntu | vivid | * |
| Qpid-cpp | Ubuntu | wily | * |
| Qpid-cpp | Ubuntu | xenial | * |
| Qpid-cpp | Ubuntu | yakkety | * |
| Qpid-cpp | Ubuntu | zesty | * |
