Vulnerability Details CVE-2009-5006
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.4%
CVSS Severity
CVSS v2 Score 4.0
References
- http://secunia.com/advisories/41710
- http://secunia.com/advisories/41812
- http://svn.apache.org/viewvc?revision=811188&view=revision
- http://www.vupen.com/english/advisories/2010/2684
- https://bugzilla.redhat.com/show_bug.cgi?id=642377
- https://issues.apache.org/jira/browse/QPID-2080
- https://rhn.redhat.com/errata/RHSA-2010-0773.html
- https://rhn.redhat.com/errata/RHSA-2010-0774.html
- http://secunia.com/advisories/41710
- http://secunia.com/advisories/41812
- http://svn.apache.org/viewvc?revision=811188&view=revision
- http://www.vupen.com/english/advisories/2010/2684
- https://bugzilla.redhat.com/show_bug.cgi?id=642377
- https://issues.apache.org/jira/browse/QPID-2080
- https://rhn.redhat.com/errata/RHSA-2010-0773.html
- https://rhn.redhat.com/errata/RHSA-2010-0774.html
Products affected by CVE-2009-5006
-
cpe:2.3:a:apache:qpid:0.5
-
cpe:2.3:o:redhat:enterprise_mrg:1.0
-
cpe:2.3:o:redhat:enterprise_mrg:1.0.1
-
cpe:2.3:o:redhat:enterprise_mrg:1.0.2
-
cpe:2.3:o:redhat:enterprise_mrg:1.0.3
-
cpe:2.3:o:redhat:enterprise_mrg:1.1.1
-
cpe:2.3:o:redhat:enterprise_mrg:1.1.2
-
cpe:2.3:o:redhat:enterprise_mrg:1.2
-
cpe:2.3:o:redhat:enterprise_mrg:1.2.2