282 matches found
CVE-2016-8741
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...
CVE-2016-8741
Apache Qpid Broker for Java (6.0.x before 6.0.6; 6.1.x before 6.1.1) is affected. The SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProviders prematurely terminate SCRAM SASL negotiation when the provided username does not exist, enabling remote attackers to determine whether a user exists. The iss...
PT-2017-9775 · Apache · Apache Qpid Broker For Java
Name of the Vulnerable Software and Affected Versions: Apache Qpid Broker for Java versions 6.0.x through 6.0.5 Apache Qpid Broker for Java versions 6.1.x through 6.1.0 Description: The Apache Qpid Broker for Java can be configured to use different AuthenticationProviders to handle user...
CVE-2016-4467
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when using the SChannel-based security layer,...
Design/Logic Flaw
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when using the SChannel-based security layer,...
CVE-2016-4467
The CVE-2016-4467 issue affects the C client and C-based client bindings in the Apache Qpid Proton library prior to 0.13.1 on Windows. The root cause is improper verification of the server hostname against the domain name in the certificate’s CN or subjectAltName when using the SChannel security ...
CVE-2016-4467
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when using the SChannel-based security layer,...
CVE-2016-4467
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when using the SChannel-based security layer,...
Apache Qpid Broker For Java 6.1.0 Information Leak Vulnerability
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders prematurely terminate the...
Apache Qpid Proton Security Bypass Vulnerability
Apache Qpid Proton is the United States Apache Apache Software Foundation developed a high-performance, lightweight messaging library. A security bypass vulnerability exists in Apache Qpid Proton versions 0.8 through 0.13.0, which can be exploited by an attacker to conduct a man-in-the-middle...
CVE-2016-4974
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...
CVE-2016-4974
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...
CVE-2016-4974
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...
CVE-2016-4974
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...
CVE-2016-4974
CVE-2016-4974 affects Apache Qpid AMQP 0-x JMS client prior to 6.0.4 and JMS (AMQP 1.0) prior to 0.10.0. The root cause is insufficient restriction of classes on the classpath, allowing remote authenticated users to deserialize arbitrary objects via a crafted JMS ObjectMessage handled by getObjec...
The vulnerability of the Apache Qpid message exchange system, which allows a malicious actor to gain access as a legitimate user.
The Apache Qpid system for exchanging programmatic messages contains a vulnerability related to an authentication error during the processing of shadowed connections for AMQP clients. With a specially crafted request, a malicious individual can impersonate a legitimate user...
Apache Qpid AMQP 0-x JMS Client and Qpid JMS Client Deserialization Vulnerabilities
Apache Qpid is the United States Apache Apache Software Foundation developed an object-oriented messaging middleware , it is an AMQP Advanced Message Queuing Protocol implementation , you can communicate with AMQP-compliant systems , and provides client libraries in C + + + , Python, Java, C and...
CVE-2016-4974
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...
SOL23675185 - Apache Qpid vulnerabilities CVE-2016-3094 and CVE-2016-4432
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
CVE-2016-4432
The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging...