DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2017-12174

High

Low Medium High Critical

7.5

CVSS Score

Published: Mar 07, 2018

Last Modified: Nov 21, 2024

CWE: CWE-400

Vulnerability Description

It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

27 configuration(s) from 2 vendor(s)

activemq_artemis

Version:

1.1.0

CPE:

cpe:2.3:a:apache:activemq_artemis:1.1.0:*:*:*:*:*:*:*

activemq_artemis

Version:

1.2.0

CPE:

cpe:2.3:a:apache:activemq_artemis:1.2.0:*:*:*:*:*:*:*

activemq_artemis

Version:

1.5.0

CPE:

cpe:2.3:a:apache:activemq_artemis:1.5.0:*:*:*:*:*:*:*

activemq_artemis

Version:

1.5.5

CPE:

cpe:2.3:a:apache:activemq_artemis:1.5.5:*:*:*:*:*:*:*

activemq_artemis

Version:

1.5.1

CPE:

cpe:2.3:a:apache:activemq_artemis:1.5.1:*:*:*:*:*:*:*

activemq_artemis

Version:

1.3.0

CPE:

cpe:2.3:a:apache:activemq_artemis:1.3.0:*:*:*:*:*:*:*

activemq_artemis

Version:

1.5.2

CPE:

cpe:2.3:a:apache:activemq_artemis:1.5.2:*:*:*:*:*:*:*

activemq_artemis

Version:

1.4.0

CPE:

cpe:2.3:a:apache:activemq_artemis:1.4.0:*:*:*:*:*:*:*

activemq_artemis

Version:

1.5.6

CPE:

cpe:2.3:a:apache:activemq_artemis:1.5.6:*:*:*:*:*:*:*

activemq_artemis

Version:

2.0.0

CPE:

cpe:2.3:a:apache:activemq_artemis:2.0.0:*:*:*:*:*:*:*

activemq_artemis

Version:

1.0.0

CPE:

cpe:2.3:a:apache:activemq_artemis:1.0.0:*:*:*:*:*:*:*

activemq_artemis

Version:

1.5.3

CPE:

cpe:2.3:a:apache:activemq_artemis:1.5.3:*:*:*:*:*:*:*

activemq_artemis

Version:

2.1.0

CPE:

cpe:2.3:a:apache:activemq_artemis:2.1.0:*:*:*:*:*:*:*

activemq_artemis

Version:

2.3.0

CPE:

cpe:2.3:a:apache:activemq_artemis:2.3.0:*:*:*:*:*:*:*

activemq_artemis

Version:

1.5.4

CPE:

cpe:2.3:a:apache:activemq_artemis:1.5.4:*:*:*:*:*:*:*

activemq_artemis

Version:

2.2.0

CPE:

cpe:2.3:a:apache:activemq_artemis:2.2.0:*:*:*:*:*:*:*

hornetq

Version:

2.1.2

CPE:

cpe:2.3:a:redhat:hornetq:2.1.2:*:*:*:*:*:*:*

hornetq

Version:

2.0.0

CPE:

cpe:2.3:a:redhat:hornetq:2.0.0:-:*:*:*:*:*:*

jboss_enterprise_application_platform

Version:

7.1.0

CPE:

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*

hornetq

Version:

2.2.14

CPE:

cpe:2.3:a:redhat:hornetq:2.2.14:*:*:*:*:*:*:*

hornetq

Version:

2.2.2

CPE:

cpe:2.3:a:redhat:hornetq:2.2.2:*:*:*:*:*:*:*

hornetq

Version:

2.3.0

CPE:

cpe:2.3:a:redhat:hornetq:2.3.0:-:*:*:*:*:*:*

hornetq

Version:

2.1.0

CPE:

cpe:2.3:a:redhat:hornetq:2.1.0:-:*:*:*:*:*:*

jboss_enterprise_application_platform

Version:

6.0.0

CPE:

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:beta:*:*:*:*:*:*

hornetq

Version:

2.1.1

CPE:

cpe:2.3:a:redhat:hornetq:2.1.1:*:*:*:*:*:*:*

hornetq

Version:

2.2.5

CPE:

cpe:2.3:a:redhat:hornetq:2.2.5:*:*:*:*:*:*:*

jboss_enterprise_application_platform

Version:

6.4.0

CPE:

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*

This vulnerability affects 27 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

7.5

out of 10.0

High

Weakness Type (CWE)

CWE-400

Uncontrolled Resource Consumption

Description: The product does not properly control the allocation and maintenance of a limited resource.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Class