Lucene search
K

36 matches found

RedhatCVE
RedhatCVE
added 2026/05/04 11:42 a.m.24 views

CVE-2026-40542

A flaw was found in Apache HttpClient. This vulnerability allows a remote attacker to bypass a critical step in the SCRAM-SHA-256 authentication process. By exploiting this, an attacker can trick the client into accepting authentication without proper mutual verification, potentially compromising...

7.3CVSS5.8AI score0.00456EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40542

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper...

7.3CVSS5.9AI score0.00456EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/28 5:26 p.m.15 views

Improper Authentication

Apache HttpClient is vulnerable to Improper Authentication. The vulnerability is due to a missing verification step in SCRAM-SHA-256 authentication, which allows an attacker to bypass proper mutual authentication checks and be accepted by the client...

7.3CVSS5.3AI score0.00456EPSS
Exploits0References8Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/23 1:23 a.m.8 views

SUSE CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.7AI score0.00456EPSS
Exploits0References3
NVD
NVD
added 2026/04/22 8:16 a.m.13 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS0.00456EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:7 a.m.5 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

5.7AI score0.00456EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/22 7:7 a.m.34 views

CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

0.00456EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34264

Name of the Vulnerable Software and Affected Versions Apache HttpClient version 5.6 Description A missing critical step in authentication allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Recommendations Upgrade to...

7.3CVSS5.2AI score0.00456EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-3246

Malicious code in bioql PyPI...

7.5CVSS6.1AI score0.06181EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/17 2:24 a.m.33 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.5CVSS3.2AI score0.06181EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2017/05/15 2:29 p.m.20 views

CVE-2016-8741

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.5CVSS7.5AI score0.06181EPSS
Exploits1References4
Prion
Prion
added 2017/05/15 2:29 p.m.19 views

Authentication flaw

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

5CVSS7AI score0.06181EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2017/05/15 2:29 p.m.21 views

CVE-2016-8741

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.5CVSS6.7AI score0.06181EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2017/01/03 3:18 p.m.26 views

CVE-2016-8741

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.5CVSS3.7AI score0.06181EPSS
Exploits1References1
Veracode
Veracode
added 2016/12/30 1:9 a.m.21 views

Information Leakage

qpid-broker-core is vulnerable to information leakage. It is possible for a remote attacker to determine the existence of user accounts due to a prematurely termination SCRAM SASL negotiation. This vulnerability only applies for applications using the SCRAM-SHA-1 or SCAM-SHA-256...

7.5CVSS7.2AI score0.06181EPSS
Exploits1References2Affected Software1
0day.today
0day.today
added 2016/12/29 12:0 a.m.57 views

Apache Qpid Broker For Java 6.1.0 Information Leak Vulnerability

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders prematurely terminate the...

5CVSS7.5AI score0.06181EPSS
Exploits1
Rows per page
Query Builder