CVE-2010-3083

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.

Published: Oct 12, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-3083
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apache / qpid	0.5	0.5.x
apache / qpid	0.6	0.6.x
redhat / enterprise_mrg	-	1.2.x
redhat / enterprise_mrg	1.0	1.0.x
redhat / enterprise_mrg	1.0.1	1.0.1.x
redhat / enterprise_mrg	1.0.2	1.0.2.x
redhat / enterprise_mrg	1.0.3	1.0.3.x
redhat / enterprise_mrg	1.1.1	1.1.1.x
redhat / enterprise_mrg	1.1.2	1.1.2.x

http://secunia.com/advisories/41710
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch
http://www.openwall.com/lists/oss-security/2010/10/08/1
http://www.redhat.com/support/errata/RHSA-2010-0756.html
http://www.redhat.com/support/errata/RHSA-2010-0757.html
https://bugzilla.redhat.com/show_bug.cgi?id=632657

Vulnerability Database

289,689

CVE-2010-3083