538 matches found
qpid-cpp: cluster authentication ignores cluster-* settings
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...
CVE-2009-5005
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...
Code injection
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...
CVE-2009-5005
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...
CVE-2009-5005
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...
CVE-2009-5006
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service NULL pointer...
CVE-2009-5006
Apache Qpid's broker (C++ SessionAdapter::ExchangeHandlerImpl::checkAlternate) before version 0.6, used in Red Hat Enterprise MRG before 1.3, is affected. A remote authenticated user can trigger a NULL pointer dereference by attempting to redeclare an existing exchange while adding an alternate e...
CVE-2009-5005
CVE-2009-5005 affects Apache Qpid used in Red Hat Enterprise MRG Messaging and Grid before version 1.3. The vulnerability is in Cluster::deliveredEvent handling of AMQP data, allowing a remote attacker to trigger a denial of service (daemon crash and cluster outage) through invalid AMQP data. Red...
Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Messaging and Grid Version 1.3
Updated packages that fix two security issues, several bugs, and add multiple enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise MRG Messaging and Grid for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as havi...
qpid: crash on receipt of invalid AMQP data
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...
qpid: crash when redeclaring the exchange with specified alternate_exchange
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service NULL pointer...
qpid: crash on receipt of invalid AMQP data
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...
Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Messaging and Grid Version 1.3
Updated packages that fix two security issues, several bugs, and add multiple enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise MRG Messaging and Grid for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as havi...
Design/Logic Flaw
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service daemon outage by connecting to the SSL port but not participating in an SSL handshake...
CVE-2010-3083
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service daemon outage by connecting to the SSL port but not participating in an SSL handshake...
CVE-2010-3083
The CVE-2010-3083 issue affects Red Hat Enterprise MRG Messaging (qpidd) when SSL is enabled. A flaw in how the SSL port is handled allows a remote attacker to cause a denial-of-service (daemon outage) by connecting to the SSL port without completing the SSL handshake. The vulnerability is addres...
MRG: SSL connections to MRG broker can be blocked
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service daemon outage by connecting to the SSL port but not participating in an SSL handshake...
qpid: large messaages cause crash when using digest-md5 and security layer
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use...