CVE-2010-3083

MRG: SSL connections to MRG broker can be blocked

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.

sys/ssl/SslSocket.cpp en qpidd en Apache Qpid, como se usa en Red Hat Enterprise MRG en versiones anteriores a la 1.2.2 y otros productos, cuando SSL está habilitado, permite a atacantes remotos provocar una denegación de servicio (parada de demonio) conectando al puerto SSL pero no participando en una negociación SSL.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-08-20 CVE Reserved
2010-10-12 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
http://secunia.com/advisories/41710	Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/08/1	Mailing List

URL	Date	SRC

URL	Date	SRC
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch	2021-07-15
http://www.redhat.com/support/errata/RHSA-2010-0756.html	2021-07-15
http://www.redhat.com/support/errata/RHSA-2010-0757.html	2021-07-15

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=632657	2010-10-08
https://access.redhat.com/security/cve/CVE-2010-3083	2010-10-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"	Qpid Search vendor "Apache" for product "Qpid"	0.5 Search vendor "Apache" for product "Qpid" and version "0.5"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"	<= 1.2 Search vendor "Redhat" for product "Enterprise Mrg" and version " <= 1.2"	-	Affected
Apache Search vendor "Apache"	Qpid Search vendor "Apache" for product "Qpid"	0.5 Search vendor "Apache" for product "Qpid" and version "0.5"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"	1.0 Search vendor "Redhat" for product "Enterprise Mrg" and version "1.0"	-	Affected
Apache Search vendor "Apache"	Qpid Search vendor "Apache" for product "Qpid"	0.5 Search vendor "Apache" for product "Qpid" and version "0.5"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"	1.0.1 Search vendor "Redhat" for product "Enterprise Mrg" and version "1.0.1"	-	Affected
Apache Search vendor "Apache"	Qpid Search vendor "Apache" for product "Qpid"	0.5 Search vendor "Apache" for product "Qpid" and version "0.5"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"	1.0.2 Search vendor "Redhat" for product "Enterprise Mrg" and version "1.0.2"	-	Affected
Apache Search vendor "Apache"	Qpid Search vendor "Apache" for product "Qpid"	0.5 Search vendor "Apache" for product "Qpid" and version "0.5"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"	1.0.3 Search vendor "Redhat" for product "Enterprise Mrg" and version "1.0.3"	-	Affected
Apache Search vendor "Apache"	Qpid Search vendor "Apache" for product "Qpid"	0.5 Search vendor "Apache" for product "Qpid" and version "0.5"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"	1.1.1 Search vendor "Redhat" for product "Enterprise Mrg" and version "1.1.1"	-	Affected
Apache Search vendor "Apache"	Qpid Search vendor "Apache" for product "Qpid"	0.5 Search vendor "Apache" for product "Qpid" and version "0.5"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"	1.1.2 Search vendor "Redhat" for product "Enterprise Mrg" and version "1.1.2"	-	Affected
Apache Search vendor "Apache"	Qpid Search vendor "Apache" for product "Qpid"	0.6 Search vendor "Apache" for product "Qpid" and version "0.6"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"	<= 1.2 Search vendor "Redhat" for product "Enterprise Mrg" and version " <= 1.2"	-	Affected
Apache Search vendor "Apache"	Qpid Search vendor "Apache" for product "Qpid"	0.6 Search vendor "Apache" for product "Qpid" and version "0.6"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"	1.0 Search vendor "Redhat" for product "Enterprise Mrg" and version "1.0"	-	Affected
Apache Search vendor "Apache"	Qpid Search vendor "Apache" for product "Qpid"	0.6 Search vendor "Apache" for product "Qpid" and version "0.6"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"	1.0.1 Search vendor "Redhat" for product "Enterprise Mrg" and version "1.0.1"	-	Affected
Apache Search vendor "Apache"	Qpid Search vendor "Apache" for product "Qpid"	0.6 Search vendor "Apache" for product "Qpid" and version "0.6"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"	1.0.2 Search vendor "Redhat" for product "Enterprise Mrg" and version "1.0.2"	-	Affected
Apache Search vendor "Apache"	Qpid Search vendor "Apache" for product "Qpid"	0.6 Search vendor "Apache" for product "Qpid" and version "0.6"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"	1.0.3 Search vendor "Redhat" for product "Enterprise Mrg" and version "1.0.3"	-	Affected
Apache Search vendor "Apache"	Qpid Search vendor "Apache" for product "Qpid"	0.6 Search vendor "Apache" for product "Qpid" and version "0.6"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"	1.1.1 Search vendor "Redhat" for product "Enterprise Mrg" and version "1.1.1"	-	Affected
Apache Search vendor "Apache"	Qpid Search vendor "Apache" for product "Qpid"	0.6 Search vendor "Apache" for product "Qpid" and version "0.6"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg"	1.1.2 Search vendor "Redhat" for product "Enterprise Mrg" and version "1.1.2"	-	Affected