MS14-042: Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621)

medium Nessus Plugin ID 76411

Synopsis

The remote host has an application installed that is affected by a denial of service vulnerability.

Description

The version of Microsoft Service Bus for Windows Servers installed on the remote Windows host is affected by a denial of service vulnerability. By sending a specially crafted Advanced Message Queuing Protocol (AMQP) message, a remote authenticated attacker could crash the affected service.

Solution

Microsoft has released a set of patches for Microsoft Service Bus 1.1.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-042

Plugin Details

Severity: Medium

ID: 76411

File Name: smb_nt_ms14-042.nasl

Version: 1.6

Type: local

Agent: windows

Published: 7/8/2014

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:microsoft:service_bus

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 7/8/2014

Vulnerability Publication Date: 7/8/2014

Reference Information

CVE: CVE-2014-2814

BID: 68393

IAVB: 2014-B-0094

MSFT: MS14-042

MSKB: 2972621