High severity7.5NVD Advisory· Published Dec 1, 2017· Updated May 13, 2026

CVE-2017-15701

Description

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.qpid:qpid-brokerMaven	>= 6.1.0, < 6.1.5	6.1.5

Affected products

Apache/Qpid Broker J
cpe:2.3:a:apache:qpid_broker-j:*:*:*:*:*:*:*:*
Range: >=6.1.0,<=6.1.4
Apache Software Foundation/Apache Qpid Broker-Jv5
Range: 6.1.0, 6.1.1, 6.1.2, 6.1.3, and 6.1.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/102041nvdThird Party AdvisoryVDB EntryWEB
github.com/advisories/GHSA-4r7g-7cpj-5jr7ghsaADVISORY
issues.apache.org/jira/browse/QPID-7947nvdIssue TrackingVendor AdvisoryWEB
nvd.nist.gov/vuln/detail/CVE-2017-15701ghsaADVISORY
qpid.apache.org/cves/CVE-2017-15701.htmlnvdMitigationVendor AdvisoryWEB
lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe@%3Cdev.qpid.apache.org%3EghsaWEB
lists.apache.org/thread.html/4054e1c90993f337eeea24a312841c0661653e673c0ff8e2cd9520fe%40%3Cdev.qpid.apache.org%3Envd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000