First published: Fri Apr 27 2012
A flaw was found in the way that qpidd handled incoming connections. If a client application opened a large number of connections to qpidd and left each handshake incomplete without terminating the connection, qpidd would keep a file descriptor open for each one. This could lead to excessive resource consumption by qpidd and could also block other legitimate connection requests.

This flaw has also been reported upstream:

- https://issues.apache.org/jira/browse/QPID-2616 (RFE for disconnecting clients on incomplete handshakes)
- https://issues.apache.org/jira/browse/QPID-4021 (the actual flaw)
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Qpid | <=0.17 | |
Apache Qpid | =0.6 | |
Apache Qpid | =0.7 | |
Apache Qpid | =0.8 | |
Apache Qpid | =0.9 | |
Apache Qpid | =0.10 | |
Apache Qpid | =0.12 | |
Apache Qpid | =0.14 | |
Apache Qpid | =0.16 | |
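The mitigation requested in QPID-2616, disconnecting clients whose handshake never completes, can be sketched as a per-connection handshake deadline. This is an added example, not Qpid's code: the 8-byte AMQP 0-10 protocol header, the 0.2 second timeout and all function names are assumptions made for the demonstration, and the three clients are constructed locally with `socket.socketpair()`.

```python
import asyncio
import socket

# Assumption: the broker expects the 8-byte AMQP 0-10 protocol header first.
AMQP_0_10_HEADER = b"AMQP\x01\x01\x00\x0a"
HANDSHAKE_TIMEOUT = 0.2  # seconds; assumed value, kept small so the demo is quick


async def handshake(server_sock, timeout=HANDSHAKE_TIMEOUT):
    """Read the protocol header under a deadline; release the socket on failure."""
    reader, writer = await asyncio.open_connection(sock=server_sock)
    try:
        header = await asyncio.wait_for(
            reader.readexactly(len(AMQP_0_10_HEADER)), timeout)
        outcome = "accepted" if header == AMQP_0_10_HEADER else "closed: bad header"
    except asyncio.TimeoutError:
        outcome = "closed: handshake timeout"  # stalled client, free the descriptor
    except asyncio.IncompleteReadError:
        outcome = "closed: peer hung up"
    if outcome != "accepted":
        writer.close()
        await writer.wait_closed()
    return outcome, writer


async def _demo():
    # Constructed clients: full header, header cut short, nothing sent at all.
    payloads = [AMQP_0_10_HEADER, b"AM", b""]
    pairs = [socket.socketpair() for _ in payloads]
    for (client, _), data in zip(pairs, payloads):
        if data:
            client.sendall(data)
    results = await asyncio.gather(*(handshake(server) for _, server in pairs))
    # Count server-side sockets still held once every deadline has passed.
    still_open = sum(1 for _, w in results if not w.is_closing())
    for _, w in results:
        w.close()
        await w.wait_closed()
    for client, _ in pairs:
        client.close()
    return [outcome for outcome, _ in results], still_open


def run_demo():
    return asyncio.run(_demo())


if __name__ == "__main__":
    print(run_demo())
```

Without the deadline, the two stalled connections would each hold a server-side file descriptor indefinitely, which is the resource exhaustion the advisory describes.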