Apache : Security Vulnerabilities, CVEs, Published In October 2010 (Denial of service)
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
Max CVSS
4.3
EPSS Score
0.75%
Published
2010-10-12
Updated
2021-07-15
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
Max CVSS
5.0
EPSS Score
42.53%
Published
2010-10-04
Updated
2023-10-03
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
Max CVSS
4.0
EPSS Score
0.41%
Published
2010-10-18
Updated
2021-07-15
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
Max CVSS
5.0
EPSS Score
1.06%
Published
2010-10-18
Updated
2021-07-15
4 vulnerabilities found