Lucene search
K

282 matches found

RedHat Linux
RedHat Linux
added 2012/09/19 5:18 p.m.3 views

qpid-cpp: not closing incomplete connections exhausts file descriptors, leading to DoS

Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service file descriptor consumption via a large number of incomplete connections...

5CVSS5.8AI score0.04236EPSS
Exploits0References4
Prion
Prion
added 2012/08/27 11:55 p.m.17 views

Authentication flaw

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication...

5CVSS7.1AI score0.06394EPSS
Exploits1References10Affected Software1
Cvelist
Cvelist
added 2012/08/27 11:0 p.m.29 views

CVE-2012-3467

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication...

6.4AI score0.06394EPSS
Exploits1References10
seebug.org
seebug.org
added 2012/08/13 12:0 a.m.33 views

Apache QPID NullAuthenticator验证绕过漏洞

Bugtraq ID:54954 CVE ID:CVE-2012-3467 Apache Qpid Open Source AMQP Messaging是一个跨平台的企业通讯解决方案,实现了高级消息队列协议。 Apache Qpid C++库实现存在安全缺陷,允许在影子链接shadow connections中使用NullAuthenticator机制进行验证,导致AMQP客户端应用绕过验证访问broker。 0 bitcoind/Bitcoin-Qt 0.3.11之前版本 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息:...

5CVSS0.6AI score0.06394EPSS
Exploits1
NVD
NVD
added 2012/05/03 11:55 p.m.34 views

CVE-2011-3620

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...

7.5CVSS6.5AI score0.0531EPSS
Exploits1References5
Prion
Prion
added 2012/05/03 11:55 p.m.19 views

Design/Logic Flaw

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...

7.5CVSS7AI score0.0531EPSS
Exploits1References5Affected Software1
UbuntuCve
UbuntuCve
added 2012/05/03 11:55 p.m.19 views

CVE-2011-3620

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...

7.5CVSS5.9AI score0.0531EPSS
Exploits1References4
Cvelist
Cvelist
added 2012/05/03 11:0 p.m.38 views

CVE-2011-3620

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...

6.4AI score0.0531EPSS
Exploits1References5
CVE
CVE
added 2012/05/03 11:0 p.m.70 views

CVE-2011-3620

CVE-2011-3620 affects Apache Qpid prior to fixed releases; a flaw in the cluster-join credential verification allows remote attackers who know a valid cluster-username to obtain access to messaging and job functionality. Red Hat advisories (RHSA-2012:0528/0529) state the fix changes to the cluste...

7.5CVSS6.5AI score0.0531EPSS
Exploits1References5Affected Software1
seebug.org
seebug.org
added 2012/05/03 12:0 a.m.28 views

Apache Qpid非法访问安全限制绕过漏洞

BUGTRAQ ID: 53305 CVE ID: CVE-2011-3620 Apache Qpid(Open Source AMQP Messaging)是一个跨平台的企业通讯解决方案,实现了高级消息队列协议。 Apache Qpid 0.12在通过群集用户名连接群集时没有验证SASL证书的密码,可通过恶意的代理非法访问群集。 0 Apache Group Qpid 0.x 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://httpd.apache.org/...

7.5CVSS6.4AI score0.0531EPSS
Exploits1
Prion
Prion
added 2010/10/18 5:0 p.m.18 views

Code injection

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...

5CVSS7.1AI score0.05927EPSS
Exploits0References7Affected Software2
ATTACKERKB
ATTACKERKB
added 2010/10/18 5:0 p.m.2 views

CVE-2009-5005

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...

5CVSS5.6AI score0.05927EPSS
Exploits0References8
Cvelist
Cvelist
added 2010/10/18 4:0 p.m.30 views

CVE-2009-5005

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service daemon crash and cluster outage via invalid AMQP data...

6.6AI score0.05927EPSS
Exploits0References7
Cvelist
Cvelist
added 2010/10/18 4:0 p.m.32 views

CVE-2009-5006

The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service NULL pointer...

6.2AI score0.04086EPSS
Exploits0References8
CVE
CVE
added 2010/10/18 4:0 p.m.68 views

CVE-2009-5005

CVE-2009-5005 affects Apache Qpid used in Red Hat Enterprise MRG Messaging and Grid before version 1.3. The vulnerability is in Cluster::deliveredEvent handling of AMQP data, allowing a remote attacker to trigger a denial of service (daemon crash and cluster outage) through invalid AMQP data. Red...

5CVSS6.8AI score0.05927EPSS
Exploits0References7Affected Software2
CVE
CVE
added 2010/10/18 4:0 p.m.65 views

CVE-2009-5006

Apache Qpid's broker (C++ SessionAdapter::ExchangeHandlerImpl::checkAlternate) before version 0.6, used in Red Hat Enterprise MRG before 1.3, is affected. A remote authenticated user can trigger a NULL pointer dereference by attempting to redeclare an existing exchange while adding an alternate e...

4CVSS6.4AI score0.04086EPSS
Exploits0References8Affected Software2
RedHat Linux
RedHat Linux
added 2010/10/14 4:9 p.m.7 views

Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Messaging and Grid Version 1.3

Updated packages that fix two security issues, several bugs, and add multiple enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise MRG Messaging and Grid for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as havi...

5CVSS5.8AI score0.05927EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2010/10/14 3:53 p.m.228 views

Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Messaging and Grid Version 1.3

Updated packages that fix two security issues, several bugs, and add multiple enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise MRG Messaging and Grid for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as havi...

5CVSS5.8AI score0.05927EPSS
Exploits0References193
Prion
Prion
added 2010/10/12 9:0 p.m.19 views

Design/Logic Flaw

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service daemon outage by connecting to the SSL port but not participating in an SSL handshake...

4.3CVSS7.1AI score0.04711EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2010/10/12 8:0 p.m.35 views

CVE-2010-3083

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service daemon outage by connecting to the SSL port but not participating in an SSL handshake...

6.6AI score0.04711EPSS
Exploits0References6
Rows per page
Query Builder