Short Name |
APP:MISC:MQTT-TOPIC-ECLIPSE |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Eclipse Mosquitto CVE-2018-12543 Denial of Service |
Release Date |
2019/03/12 |
Update Number |
3149 |
Supported Platforms |
srx-17.3+, srx-branch-17.4+, vsrx-15.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Eclipse Mosquitto versions 1.5 to 1.5.2 . A successful attack can result in a denial-of-service condition.
In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit.