282 matches found
CVE-2018-1298
A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQ...
CVE-2017-15702
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider tha...
Apache Qpid Broker-J Security Bypass Vulnerability
Apache Qpid is the United States Apache Apache Software Foundation developed an object-oriented messaging middleware , it is an AMQP Advanced Message Queuing Protocol implementation , you can communicate with AMQP-compliant systems , and provides a C++, Python, Java, C and other programming...
Authentication Port Spoofing
Apache Qpid Broker-J is vulnerable to authentication port spoofing. An attacker can use an HTTP port to trick the library into using an authentication provider which is configured for a different port number referred to as the spoofed port. This becomes a vulnerability when the spoofed port has a...
Authentication flaw
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider tha...
CVE-2017-15702
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider tha...
CVE-2017-15702
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider tha...
Memory corruption
In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 inclusive the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are...
CVE-2017-15701
In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 inclusive the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are...
CVE-2017-15701
In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 inclusive the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are...
CVE-2017-15701
The CVE-2017-15701 entry applies to Apache Qpid Broker-J versions 6.1.0–6.1.4, where AMQP 1.0 frame size is not properly enforced, allowing a remote unauthenticated attacker to exhaust memory and cause DoS. A fix is available in 6.1.5 and later; upgrade to 6.1.5+ or apply the applicable mitigatio...
PT-2017-14151 · Apache · Apache Qpid Broker-J
Name of the Vulnerable Software and Affected Versions: Apache Qpid Broker-J versions 0.18 through 0.32 Description: The issue allows a remote unauthenticated attacker to trick the broker into using an authentication provider configured on a different port when connecting to an HTTP port. This...
CVE-2017-15699
A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and...
Design/Logic Flaw
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service daemon crash via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203...
CVE-2015-0224
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service daemon crash via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203...
CVE-2015-0224
CVE-2015-0224 affects qpidd (Apache Qpid) 0.30 and earlier. The vulnerability enables remote denial of service (daemon crash) via a crafted protocol sequence set, and exists due to an incomplete fix for CVE-2015-0203. Public details in connected assessors note the issue is tied to the qpidd broke...
PT-2017-6436 · Apache · Apache Qpid
Name of the Vulnerable Software and Affected Versions: Apache Qpid versions 0.30 and earlier Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a crafted protocol sequence set. This problem exists due to an incomplete fix for a...
CVE-2016-8741
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...
Authentication flaw
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...
CVE-2016-8741
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...