DescriptionMurray McAllister
2014-03-06 07:00:50 UTC
Frantisek Reznicek of Red Hat reported that a change in or before qpid version 0.22 resulted in ACL policies only being loaded if the acl-file option was specified. This resulted in qpidd, by default, not checking the connection limit. A client could send a large number of requests to qpidd, resulting in the file descriptor limit being reached and qpidd refusing to handle further connections.
Comment 2Murray McAllister
2014-05-06 08:24:07 UTC
Acknowledgements:
This issue was discovered by Frantisek Reznicek of Red Hat.
Statement:
Not vulnerable. This issue did not affect the versions of qpid-cpp as shipped with Red Hat Enterprise Linux 6; Red Hat Enterprise MRG 2; and Red Hat Enterprise MRG Messaging 3.