Frantisek Reznicek of Red Hat reported that a change in or before qpid version 0.22 resulted in ACL policies only being loaded if the acl-file option was specified. This resulted in qpidd, by default, not checking the connection limit. A client could send a large number of requests to qpidd, resulting in the file descriptor limit being reached and qpidd refusing to handle further connections.
This issue was discovered by Frantisek Reznicek of Red Hat.
Not vulnerable. This issue did not affect the versions of qpid-cpp as shipped with Red Hat Enterprise Linux 6; Red Hat Enterprise MRG 2; and Red Hat Enterprise MRG Messaging 3.
MRG-M 3.0 GA  was not affected by this issue.