cvelist/2018/8xxx/CVE-2018-8030.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "security@apache.org",
      "DATE_PUBLIC" : "2018-06-18T00:00:00",
      "ID" : "CVE-2018-8030",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Apache Qpid Broker-J",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "7.0.0, 7.0.1, 7.0.2, 7.0.3"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Apache Software Foundation"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Denial of Service Vulnerability"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "[qpid-users] 20180618 [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages",
            "refsource" : "MLIST",
            "url" : "https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876@%3Cusers.qpid.apache.org%3E"
         },
         {
            "name" : "1041138",
            "refsource" : "SECTRACK",
            "url" : "http://www.securitytracker.com/id/1041138"
         }
      ]
   }
}
- Synchronized data. 2018-03-09 16:03:15 -05:00			`{`
			`"CVE_data_meta" : {`
- Added submission from Apache Qpid from 2018-06-18. 2018-06-19 08:12:27 -04:00			`"ASSIGNER" : "security@apache.org",`
			`"DATE_PUBLIC" : "2018-06-18T00:00:00",`
- Synchronized data. 2018-03-09 16:03:15 -05:00			`"ID" : "CVE-2018-8030",`
- Added submission from Apache Qpid from 2018-06-18. 2018-06-19 08:12:27 -04:00			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
Go through all entries where assigner is security@apache.org (recent Apache CNA) and ensure that the product names are correct and consistent (which in most cases means adding "Apache", but some required more work). Make sure the vendor name is correct. Make sure affected versions matches the text somewhat, although we don't try to make every product write these in the same way, they're not supposed to be totally machine readable. Then make some fixes to the text as required where there are mistakes or inconsistencies or the Apache name isn't mentioned. There are 5 left untouched for now, one is known (where we assigned an issues to an incubator version which came out prior to being part of Apache), and four which need more work. 2019-02-08 14:15:02 +00:00			`"product_name" : "Apache Qpid Broker-J",`
- Added submission from Apache Qpid from 2018-06-18. 2018-06-19 08:12:27 -04:00			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "7.0.0, 7.0.1, 7.0.2, 7.0.3"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "Apache Software Foundation"`
			`}`
			`]`
			`}`
- Synchronized data. 2018-03-09 16:03:15 -05:00			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Added submission from Apache Qpid from 2018-06-18. 2018-06-19 08:12:27 -04:00			`"value" : "A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Denial of Service Vulnerability"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Synchronized data. 2018-06-19 09:04:33 -04:00			`"name" : "[qpid-users] 20180618 [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages",`
			`"refsource" : "MLIST",`
- Added submission from Apache Qpid from 2018-06-18. 2018-06-19 08:12:27 -04:00			`"url" : "https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876@%3Cusers.qpid.apache.org%3E"`
- Synchronized data. 2018-06-20 06:05:13 -04:00			`},`
			`{`
			`"name" : "1041138",`
			`"refsource" : "SECTRACK",`
			`"url" : "http://www.securitytracker.com/id/1041138"`
- Synchronized data. 2018-03-09 16:03:15 -05:00			`}`
			`]`
			`}`
			`}`