282 matches found
qpid-cpp: not closing incomplete connections exhausts file descriptors, leading to DoS
Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service file descriptor consumption via a large number of incomplete connections...
Authentication flaw
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication...
CVE-2012-3467
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication...
Apache QPID NullAuthenticator验证绕过漏洞
Bugtraq ID:54954 CVE ID:CVE-2012-3467 Apache Qpid Open Source AMQP Messaging是一个跨平台的企业通讯解决方案,实现了高级消息队列协议。 Apache Qpid C++库实现存在安全缺陷,允许在影子链接shadow connections中使用NullAuthenticator机制进行验证,导致AMQP客户端应用绕过验证访问broker。 0 bitcoind/Bitcoin-Qt 0.3.11之前版本 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息:...
CVE-2011-3620
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...
Design/Logic Flaw
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...
CVE-2011-3620
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...
CVE-2011-3620
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...
CVE-2011-3620
CVE-2011-3620 affects Apache Qpid prior to fixed releases; a flaw in the cluster-join credential verification allows remote attackers who know a valid cluster-username to obtain access to messaging and job functionality. Red Hat advisories (RHSA-2012:0528/0529) state the fix changes to the cluste...
Apache Qpid非法访问安全限制绕过漏洞
BUGTRAQ ID: 53305 CVE ID: CVE-2011-3620 Apache Qpid(Open Source AMQP Messaging)是一个跨平台的企业通讯解决方案,实现了高级消息队列协议。 Apache Qpid 0.12在通过群集用户名连接群集时没有验证SASL证书的密码,可通过恶意的代理非法访问群集。 0 Apache Group Qpid 0.x 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://httpd.apache.org/...
Code injection
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...
CVE-2009-5005
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...
CVE-2009-5005
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...
CVE-2009-5006
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service NULL pointer...
CVE-2009-5005
CVE-2009-5005 affects Apache Qpid used in Red Hat Enterprise MRG Messaging and Grid before version 1.3. The vulnerability is in Cluster::deliveredEvent handling of AMQP data, allowing a remote attacker to trigger a denial of service (daemon crash and cluster outage) through invalid AMQP data. Red...
CVE-2009-5006
Apache Qpid's broker (C++ SessionAdapter::ExchangeHandlerImpl::checkAlternate) before version 0.6, used in Red Hat Enterprise MRG before 1.3, is affected. A remote authenticated user can trigger a NULL pointer dereference by attempting to redeclare an existing exchange while adding an alternate e...
Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Messaging and Grid Version 1.3
Updated packages that fix two security issues, several bugs, and add multiple enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise MRG Messaging and Grid for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as havi...
Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Messaging and Grid Version 1.3
Updated packages that fix two security issues, several bugs, and add multiple enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise MRG Messaging and Grid for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as havi...
Design/Logic Flaw
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service daemon outage by connecting to the SSL port but not participating in an SSL handshake...
CVE-2010-3083
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service daemon outage by connecting to the SSL port but not participating in an SSL handshake...