CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-0200
https://notcve.org/view.php?id=CVE-2019-0200
06 Mar 2019 — A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 utilizing AMQP protocols 0-8, 0-9, 0-91, 0-10 must upgrade to Qpid Broker-J versions 7.0.7 or 7.1.1 or later. Se ha detectado una vulnerabilidad de d... • http://www.securityfocus.com/bid/107215 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8030
https://notcve.org/view.php?id=CVE-2018-8030
19 Jun 2018 — A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected. Se ha encontrado una vulnerabilidad de denegación de servicio (DoS) en Apache Qpid Broker-J desde la versión 7.0.0 hasta la 7.0.4 cuando los protocolos AMQP 0-8, 0-9 o 0-91 se emplean para public... • http://www.securitytracker.com/id/1041138 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1298
https://notcve.org/view.php?id=CVE-2018-1298
09 Feb 2018 — A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQP 1.0 and HTTP connections are not affected. An authentication of incoming AMQP connections in Apache Qpid Broker-J is performed by special entities called "Authentication Providers". Each Authentication Provider ca... • https://lists.apache.org/thread.html/d9087e9e57c9b6376754e2b4ea8cd5e9ae6449ed17fc384640c9c9e1%40%3Cusers.qpid.apache.org%3E • CWE-20: Improper Input Validation •