Lucene search
+L

282 matches found

Cvelist
Cvelist
added 2017/05/15 2:0 p.m.24 views

CVE-2016-8741

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.4AI score0.06299EPSS
Exploits1References4
CVE
CVE
added 2017/05/15 2:0 p.m.91 views

CVE-2016-8741

Apache Qpid Broker for Java (6.0.x before 6.0.6; 6.1.x before 6.1.1) is affected. The SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProviders prematurely terminate SCRAM SASL negotiation when the provided username does not exist, enabling remote attackers to determine whether a user exists. The iss...

7.5CVSS7.3AI score0.06299EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2017/05/15 12:0 a.m.3 views

PT-2017-9775 · Apache · Apache Qpid Broker For Java

Name of the Vulnerable Software and Affected Versions: Apache Qpid Broker for Java versions 6.0.x through 6.0.5 Apache Qpid Broker for Java versions 6.1.x through 6.1.0 Description: The Apache Qpid Broker for Java can be configured to use different AuthenticationProviders to handle user...

7.5CVSS5.9AI score0.06299EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2017/05/02 2:59 p.m.25 views

CVE-2016-4467

The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when using the SChannel-based security layer,...

5.9CVSS6.4AI score0.01624EPSS
Exploits0References2
Prion
Prion
added 2017/05/02 2:59 p.m.13 views

Design/Logic Flaw

The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when using the SChannel-based security layer,...

4.3CVSS7.1AI score0.01624EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2017/05/02 2:0 p.m.43 views

CVE-2016-4467

The CVE-2016-4467 issue affects the C client and C-based client bindings in the Apache Qpid Proton library prior to 0.13.1 on Windows. The root cause is improper verification of the server hostname against the domain name in the certificate’s CN or subjectAltName when using the SChannel security ...

5.9CVSS5.7AI score0.01624EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2017/05/02 2:0 p.m.18 views

CVE-2016-4467

The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when using the SChannel-based security layer,...

5.7AI score0.01624EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2017/05/02 2:0 p.m.29 views

CVE-2016-4467

The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when using the SChannel-based security layer,...

5.9CVSS5.7AI score0.01624EPSS
Exploits0
0day.today
0day.today
added 2016/12/29 12:0 a.m.58 views

Apache Qpid Broker For Java 6.1.0 Information Leak Vulnerability

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders prematurely terminate the...

5CVSS7.5AI score0.06299EPSS
Exploits1
CNVD
CNVD
added 2016/07/20 12:0 a.m.7 views

Apache Qpid Proton Security Bypass Vulnerability

Apache Qpid Proton is the United States Apache Apache Software Foundation developed a high-performance, lightweight messaging library. A security bypass vulnerability exists in Apache Qpid Proton versions 0.8 through 0.13.0, which can be exploited by an attacker to conduct a man-in-the-middle...

5.9CVSS6.8AI score0.01624EPSS
Exploits0References1
NVD
NVD
added 2016/07/13 3:59 p.m.24 views

CVE-2016-4974

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...

7.5CVSS7.5AI score0.06192EPSS
Exploits0References7
OSV
OSV
added 2016/07/13 3:59 p.m.5 views

CVE-2016-4974

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...

7.5CVSS6.1AI score0.06192EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2016/07/13 3:59 p.m.25 views

CVE-2016-4974

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...

7.5CVSS7.4AI score0.06192EPSS
Exploits0References4
Cvelist
Cvelist
added 2016/07/13 3:0 p.m.28 views

CVE-2016-4974

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...

7.5AI score0.06192EPSS
Exploits0References7
CVE
CVE
added 2016/07/13 3:0 p.m.62 views

CVE-2016-4974

CVE-2016-4974 affects Apache Qpid AMQP 0-x JMS client prior to 6.0.4 and JMS (AMQP 1.0) prior to 0.10.0. The root cause is insufficient restriction of classes on the classpath, allowing remote authenticated users to deserialize arbitrary objects via a crafted JMS ObjectMessage handled by getObjec...

7.5CVSS7.5AI score0.06192EPSS
Exploits0References7Affected Software2
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.11 views

The vulnerability of the Apache Qpid message exchange system, which allows a malicious actor to gain access as a legitimate user.

The Apache Qpid system for exchanging programmatic messages contains a vulnerability related to an authentication error during the processing of shadowed connections for AMQP clients. With a specially crafted request, a malicious individual can impersonate a legitimate user...

5CVSS5.5AI score0.06394EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2016/07/05 12:0 a.m.6 views

Apache Qpid AMQP 0-x JMS Client and Qpid JMS Client Deserialization Vulnerabilities

Apache Qpid is the United States Apache Apache Software Foundation developed an object-oriented messaging middleware , it is an AMQP Advanced Message Queuing Protocol implementation , you can communicate with AMQP-compliant systems , and provides client libraries in C + + + , Python, Java, C and...

7.5CVSS6.9AI score0.06192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2016/07/04 9:23 a.m.23 views

CVE-2016-4974

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...

7.5CVSS4.6AI score0.06192EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2016/06/16 12:0 a.m.35 views

SOL23675185 - Apache Qpid vulnerabilities CVE-2016-3094 and CVE-2016-4432

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

9.1CVSS2.4AI score0.08148EPSS
Exploits0References4
NVD
NVD
added 2016/06/01 8:59 p.m.27 views

CVE-2016-4432

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging...

9.1CVSS9.3AI score0.08148EPSS
Exploits0References7
Rows per page
Query Builder