CVE-2010-3083
First published: Fri Sep 10 2010(Updated: )
It was discovered that SSL connections to the MRG broker could easily be blocked. If a client or application initiated a connection to the MRG broker's listening SSL port, the client connection would block access to the port until the SSL handshake completes (or fails). If a client failed to proceed with it, then the thread was never freed to process other connections, denying service to other clients. Only SSL connections were affected by this issue, and SSL support is not enabled by default.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Qpid | =0.5 | |
| Apache Qpid | =0.6 | |
| redhat enterprise MRG | <=1.2 | |
| redhat enterprise MRG | =1.0 | |
| redhat enterprise MRG | =1.0.1 | |
| redhat enterprise MRG | =1.0.2 | |
| redhat enterprise MRG | =1.0.3 | |
| redhat enterprise MRG | =1.1.1 | |
| redhat enterprise MRG | =1.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2010-0757.html
- http://www.redhat.com/support/errata/RHSA-2010-0756.html
- http://www.openwall.com/lists/oss-security/2010/10/08/1
- http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch
- https://bugzilla.redhat.com/show_bug.cgi?id=632657
- http://secunia.com/advisories/41710
- http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=919487&r2=938992
- https://issues.apache.org/jira/browse/QPID-2083
- https://rhn.redhat.com/errata/RHSA-2010-0756.html
- https://rhn.redhat.com/errata/RHSA-2010-0757.html
Frequently Asked Questions
What is the severity of CVE-2010-3083?
CVE-2010-3083 has been classified as having medium severity due to its impact on SSL connection handling.
How do I fix CVE-2010-3083?
To fix CVE-2010-3083, upgrade to an unaffected version of Apache Qpid or Red Hat Enterprise MRG as specified in the vendor advisories.
What software is affected by CVE-2010-3083?
CVE-2010-3083 affects specific versions of Apache Qpid and Red Hat Enterprise MRG.
What is the potential impact of CVE-2010-3083?
The potential impact of CVE-2010-3083 is the blocking of SSL connections to the MRG broker, leading to denial of service.
Is there a workaround for CVE-2010-3083?
There are no known effective workarounds for CVE-2010-3083; the recommended solution is to apply updates.
- collector/nvd-historical
- collector/redhat-bugzilla
- alias/CVE-2010-3083
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/remedy
- agent/author
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache qpid
- version/apache qpid/0.5
- version/apache qpid/0.6
- vendor/redhat
- canonical/redhat enterprise mrg
- version/redhat enterprise mrg/1.2
- version/redhat enterprise mrg/1.0
- version/redhat enterprise mrg/1.0.1
- version/redhat enterprise mrg/1.0.2
- version/redhat enterprise mrg/1.0.3
- version/redhat enterprise mrg/1.1.1
- version/redhat enterprise mrg/1.1.2