CVE-2010-3083
First published: Fri Sep 10 2010(Updated: )
It was discovered that SSL connections to the MRG broker could easily be blocked. If a client or application initiated a connection to the MRG broker's listening SSL port, the client connection would block access to the port until the SSL handshake completes (or fails). If a client failed to proceed with it, then the thread was never freed to process other connections, denying service to other clients. Only SSL connections were affected by this issue, and SSL support is not enabled by default.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Qpid | =0.5 | |
| Apache Qpid | =0.6 | |
| redhat enterprise MRG | <=1.2 | |
| redhat enterprise MRG | =1.0 | |
| redhat enterprise MRG | =1.0.1 | |
| redhat enterprise MRG | =1.0.2 | |
| redhat enterprise MRG | =1.0.3 | |
| redhat enterprise MRG | =1.1.1 | |
| redhat enterprise MRG | =1.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2010-0757.html
- http://www.redhat.com/support/errata/RHSA-2010-0756.html
- http://www.openwall.com/lists/oss-security/2010/10/08/1
- http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch
- https://bugzilla.redhat.com/show_bug.cgi?id=632657
- http://secunia.com/advisories/41710
- http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=919487&r2=938992
- https://issues.apache.org/jira/browse/QPID-2083
- https://rhn.redhat.com/errata/RHSA-2010-0756.html
- https://rhn.redhat.com/errata/RHSA-2010-0757.html
- collector/nvd-historical
- collector/redhat-bugzilla
- alias/CVE-2010-3083
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/remedy
- agent/author
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache qpid
- version/apache qpid/0.5
- version/apache qpid/0.6
- vendor/redhat
- canonical/redhat enterprise mrg
- version/redhat enterprise mrg/1.2
- version/redhat enterprise mrg/1.0
- version/redhat enterprise mrg/1.0.1
- version/redhat enterprise mrg/1.0.2
- version/redhat enterprise mrg/1.0.3
- version/redhat enterprise mrg/1.1.1
- version/redhat enterprise mrg/1.1.2