CVE-2018-8030 - OpenCVE

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Qpid Broker-j

Configuration 1 [-]

cpe:2.3:a:apache:qpid_broker-j:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securitytracker.com/id/1041138	Third Party Advisory VDB Entry
https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876%40%3Cusers.qpid.apache.org%3E

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2018-06-18T00:00:00

Updated: 2018-06-20T09:57:01

Reserved: 2018-03-09T00:00:00

Link: CVE-2018-8030

JSON object: View

NVD Information

Status : Modified

Published: 2018-06-20T01:29:03.977

Modified: 2023-11-07T03:01:22.083

Link: CVE-2018-8030

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "Apache Qpid Broker-J", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "7.0.0, 7.0.1, 7.0.2, 7.0.3"}]}], "datePublic": "2018-06-18T00:00:00", "descriptions": [{"lang": "en", "value": "A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-20T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "1041138", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041138"}, {"name": "[qpid-users] 20180618 [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876%40%3Cusers.qpid.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-06-18T00:00:00", "ID": "CVE-2018-8030", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Qpid Broker-J", "version": {"version_data": [{"version_value": "7.0.0, 7.0.1, 7.0.2, 7.0.3"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service Vulnerability"}]}]}, "references": {"reference_data": [{"name": "1041138", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041138"}, {"name": "[qpid-users] 20180618 [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876@%3Cusers.qpid.apache.org%3E"}]}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-8030", "datePublished": "2018-06-18T00:00:00", "dateReserved": "2018-03-09T00:00:00", "dateUpdated": "2018-06-20T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:qpid_broker-j:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C6D75B3-9568-4841-A36D-9946CB41C79B", "versionEndIncluding": "7.0.4", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en Apache Qpid Broker-J desde la versi\u00f3n 7.0.0 hasta la 7.0.4 cuando los protocolos AMQP 0-8, 0-9 o 0-91 se emplean para publicar mensajes con un tama\u00f1o mayor que el l\u00edmite de tama\u00f1o de mensaje m\u00e1ximo permitido (100 MB por defecto). El broker se cierre inesperadamente debido a este defecto. Los protocolos AMQP 0-10 y 1.0 no se han visto afectados."}], "id": "CVE-2018-8030", "lastModified": "2023-11-07T03:01:22.083", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-20T01:29:03.977", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041138"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876%40%3Cusers.qpid.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}