qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Stitcher (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-4021) Badly behaved clients can still clog up the broker
Date Fri, 25 May 2012 20:06:23 GMT

    [ https://issues.apache.org/jira/browse/QPID-4021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13283723#comment-13283723

Andrew Stitcher commented on QPID-4021:

This is CVE-2012-2145
> Badly behaved clients can still clog up the broker
> --------------------------------------------------
>                 Key: QPID-4021
>                 URL: https://issues.apache.org/jira/browse/QPID-4021
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.17
>            Reporter: Andrew Stitcher
> The recent code that timeouts out new connections that have not negotiated the protocol
within (a default) 2 seconds still leaves a gap where badly behaved applications can tie up
the broker.
> The timeout should really be till either heartbeats are activated in which case they
will take over the role of timing out idle connections. Or until the connection is authenticated
in which case the policy on admitting users should take care of limiting the connections.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message