Lucene search

PRIOn knowledge basePRION:CVE-2019-0223

HistoryApr 23, 2019 - 4:29 p.m.

Code injection

2019-04-2316:29:00

PRIOn knowledge base

www.prio-n.com

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

47.4%

JSON

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.

CPENameOperatorVersion
qpidge0.9
qpidle0.27.0
enterprise_linux_desktopeq7.0
enterprise_linux_desktopeq6.0
enterprise_linux_euseq6.7
enterprise_linux_euseq7.3
enterprise_linux_euseq7.4
enterprise_linux_euseq7.5
enterprise_linux_euseq7.6
enterprise_linux_euseq7.2

Name	Operator	Version
qpid	ge	0.9
qpid	le	0.27.0
enterprise_linux_desktop	eq	7.0
enterprise_linux_desktop	eq	6.0
enterprise_linux_eus	eq	6.7
enterprise_linux_eus	eq	7.3
enterprise_linux_eus	eq	7.4
enterprise_linux_eus	eq	7.5
enterprise_linux_eus	eq	7.6
enterprise_linux_eus	eq	7.2

Rows per page:

1-10 of 311

References

www.openwall.com/lists/oss-security/2019/04/23/4

www.securityfocus.com/bid/108044

access.redhat.com/errata/RHSA-2019:0886

access.redhat.com/errata/RHSA-2019:1398

access.redhat.com/errata/RHSA-2019:1399

access.redhat.com/errata/RHSA-2019:1400

access.redhat.com/errata/RHSA-2019:2777

access.redhat.com/errata/RHSA-2019:2778

access.redhat.com/errata/RHSA-2019:2779

access.redhat.com/errata/RHSA-2019:2780

access.redhat.com/errata/RHSA-2019:2781

access.redhat.com/errata/RHSA-2019:2782

issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel

lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f@%3Cusers.qpid.apache.org%3E

lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5@%3Cdev.qpid.apache.org%3E

lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b@%3Cdev.qpid.apache.org%3E

lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E

lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0@%3Cannounce.apache.org%3E

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

47.4%

JSON

Related for PRION:CVE-2019-0223