The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.
If upgrading is not possible, the vulnerability can be mitigated using
an ACL file containing "ACCESS VIRTUALHOST" clauses that white-lists
user access to all virtualhosts.
If AMQP 0-8, 0-9, 0-91, and 0-10 support is not required, the
vulnerability can also be mitigated by turning off these protocols at
the Port level.