The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Qpid | Apache | * | 0.30 (including) |