Lucene search
+L

282 matches found

RedhatCVE
RedhatCVE
added 2018/02/09 5:22 a.m.30 views

CVE-2018-1298

A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQ...

7.5CVSS2.3AI score0.02373EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2017/12/11 3:19 p.m.40 views

CVE-2017-15702

In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider tha...

9.8CVSS2.1AI score0.06214EPSS
Exploits0References2
CNVD
CNVD
added 2017/12/05 12:0 a.m.5 views

Apache Qpid Broker-J Security Bypass Vulnerability

Apache Qpid is the United States Apache Apache Software Foundation developed an object-oriented messaging middleware , it is an AMQP Advanced Message Queuing Protocol implementation , you can communicate with AMQP-compliant systems , and provides a C++, Python, Java, C and other programming...

9.8CVSS6.9AI score0.06214EPSS
Exploits0References1
Veracode
Veracode
added 2017/12/04 12:52 a.m.25 views

Authentication Port Spoofing

Apache Qpid Broker-J is vulnerable to authentication port spoofing. An attacker can use an HTTP port to trick the library into using an authentication provider which is configured for a different port number referred to as the spoofed port. This becomes a vulnerability when the spoofed port has a...

9.8CVSS9.3AI score0.06214EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2017/12/01 3:29 p.m.28 views

Authentication flaw

In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider tha...

7.5CVSS9.7AI score0.06214EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2017/12/01 3:29 p.m.5 views

CVE-2017-15702

In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider tha...

9.8CVSS5.8AI score0.06214EPSS
Exploits0References4
NVD
NVD
added 2017/12/01 3:29 p.m.43 views

CVE-2017-15702

In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider tha...

9.8CVSS9.7AI score0.06214EPSS
Exploits0References4
Prion
Prion
added 2017/12/01 3:29 p.m.18 views

Memory corruption

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 inclusive the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are...

5CVSS7.5AI score0.04389EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2017/12/01 3:29 p.m.28 views

CVE-2017-15701

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 inclusive the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are...

7.5CVSS6.9AI score0.04389EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/12/01 3:0 p.m.31 views

CVE-2017-15701

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 inclusive the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are...

7.4AI score0.04389EPSS
Exploits0References4
CVE
CVE
added 2017/12/01 3:0 p.m.89 views

CVE-2017-15701

The CVE-2017-15701 entry applies to Apache Qpid Broker-J versions 6.1.0–6.1.4, where AMQP 1.0 frame size is not properly enforced, allowing a remote unauthenticated attacker to exhaust memory and cause DoS. A fix is available in 6.1.5 and later; upgrade to 6.1.5+ or apply the applicable mitigatio...

7.5CVSS7.4AI score0.04389EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2017/12/01 12:0 a.m.7 views

PT-2017-14151 · Apache · Apache Qpid Broker-J

Name of the Vulnerable Software and Affected Versions: Apache Qpid Broker-J versions 0.18 through 0.32 Description: The issue allows a remote unauthenticated attacker to trick the broker into using an authentication provider configured on a different port when connecting to an HTTP port. This...

9.8CVSS6.7AI score0.06214EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2017/11/14 11:49 p.m.50 views

CVE-2017-15699

A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and...

6.8CVSS6.7AI score0.03213EPSS
Exploits0References1
Prion
Prion
added 2017/10/30 2:29 p.m.16 views

Design/Logic Flaw

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service daemon crash via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203...

5CVSS6.4AI score0.15119EPSS
Exploits0References14Affected Software1
UbuntuCve
UbuntuCve
added 2017/10/30 2:29 p.m.30 views

CVE-2015-0224

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service daemon crash via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203...

7.5CVSS6.8AI score0.15119EPSS
Exploits0References1
CVE
CVE
added 2017/10/30 2:0 p.m.76 views

CVE-2015-0224

CVE-2015-0224 affects qpidd (Apache Qpid) 0.30 and earlier. The vulnerability enables remote denial of service (daemon crash) via a crafted protocol sequence set, and exists due to an incomplete fix for CVE-2015-0203. Public details in connected assessors note the issue is tied to the qpidd broke...

7.5CVSS6.6AI score0.15119EPSS
Exploits0References14Affected Software1
Positive Technologies
Positive Technologies
added 2017/10/30 12:0 a.m.3 views

PT-2017-6436 · Apache · Apache Qpid

Name of the Vulnerable Software and Affected Versions: Apache Qpid versions 0.30 and earlier Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a crafted protocol sequence set. This problem exists due to an incomplete fix for a...

7.5CVSS7.4AI score0.15119EPSS
Exploits0References15
OSV
OSV
added 2017/05/15 2:29 p.m.22 views

CVE-2016-8741

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.5CVSS6.7AI score0.06299EPSS
Exploits1References4
Prion
Prion
added 2017/05/15 2:29 p.m.20 views

Authentication flaw

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

5CVSS7AI score0.06299EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2017/05/15 2:29 p.m.22 views

CVE-2016-8741

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.5CVSS7.5AI score0.06299EPSS
Exploits1References4
Rows per page
Query Builder