Lucene search
K

282 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.17 views

RHEL 6 : qpid-cpp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - qpid-cpp: anonymous access to qpidd cannot be prevented CVE-2015-0223 - qpid-cpp: AMQP 0-10 protocol...

7.5CVSS7.1AI score0.15119EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.17 views

RHEL 7 : qpid-cpp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - qpid-cpp: anonymous access to qpidd cannot be prevented CVE-2015-0223 - qpid-cpp: AMQP 0-10 protocol...

7.5CVSS7.8AI score0.15119EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.35 views

K23675185: Apache Qpid vulnerabilities CVE-2016-3094 and CVE-2016-4432

Security Advisory Description CVE-2016-3094 PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service broker termination via a crafted authentication attempt, which triggers an uncaught...

9.1CVSS6.8AI score0.08148EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.3 views

SUSE CVE-2016-2166

The 1 proton.reactor.Connector, 2 proton.reactor.Container, and 3 proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain...

6.5CVSS6.7AI score0.04267EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 4:44 p.m.32 views

Withdrawn Advisory: Improper Certificate Validation in Apache Qpid Proton

Withdrawn Advisory This advisory has been withdrawn because the vulnerability only affects the Qpid Proton C library and not org.apache.qpid:proton-j. This link has been maintained to preserve external references. Original Description While investigating bug PROTON-2014, we discovered that under...

7.4CVSS6.3AI score0.06201EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2022/05/17 5:13 a.m.21 views

GHSA-MRGH-6X42-X6XF Improper Authentication in Apache Qpid

The default configuration for Apache Qpid 0.20 and earlier, when the federationtag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request...

6.8CVSS6.7AI score0.04913EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/17 5:13 a.m.37 views

Improper Authentication in Apache Qpid

The default configuration for Apache Qpid 0.20 and earlier, when the federationtag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request...

6.8CVSS7.1AI score0.04913EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/17 2:24 a.m.24 views

GHSA-8VVH-CRQV-JM64 Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.5CVSS7.3AI score0.06181EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/17 2:24 a.m.33 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.5CVSS3.2AI score0.06181EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/05/17 1:44 a.m.18 views

GHSA-PHW8-FW9G-V3XC Apache QPID Allows Remote Authentication Bypass

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication...

5CVSS6.2AI score0.06394EPSS
Exploits1References10
Github Security Blog
Github Security Blog
added 2022/05/17 1:44 a.m.28 views

Apache QPID Allows Remote Authentication Bypass

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication...

5CVSS7AI score0.06394EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:46 a.m.30 views

Improper Input Validation in Apache Qpid AMQP 0-x JMS

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...

7.5CVSS2.7AI score0.06192EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/13 1:8 a.m.5 views

GHSA-3G2P-7C6P-VJ8C Apache Qpid Python client Improper certificate validation

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

8.7CVSS6.2AI score0.01573EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2022/05/13 1:8 a.m.24 views

Apache Qpid Python client Improper certificate validation

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS6.6AI score0.01573EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2020/04/10 12:52 a.m.26 views

Denial Of Service (DoS)

apache qpid is vulnerable to denial of service. A flaw was found in the way Apache Qpid handled a request to redeclare an existing exchange while adding a new alternate exchange. If a remote, authenticated user issued such a request, the server would crash, resulting in the cluster shutting down...

4CVSS2AI score0.04086EPSS
Exploits0References11Affected Software16
Veracode
Veracode
added 2020/04/10 12:52 a.m.26 views

Denial Of Service (DoS)

apache qpid is vulnerable to denial of service. A flaw was found in the way Apache Qpid handled the receipt of invalid AMQP data. A remote user could send invalid AMQP data to the server, causing it to crash, resulting in the cluster shutting down...

5CVSS1.7AI score0.05927EPSS
Exploits0References10Affected Software16
Veracode
Veracode
added 2019/05/16 2:19 a.m.20 views

Denial Of Service (DoS)

Apache Qpid Dispatch Router is vulnerable to denial of service attacks. A remote, authenticated attacker could exploit the flawed JAMQP component to cause denial of service conditions via a specifically crafted AMQP frame which will cause a segfault and shut down...

6.5CVSS6.8AI score0.03213EPSS
Exploits0References104Affected Software53
Veracode
Veracode
added 2019/04/24 8:9 a.m.24 views

Improper TLS Certificate Validation

Apache Qpid Proton is vulnerable to man-in-the-middle MitM attacks. A remote attacker is able to intercept TLS traffic as the application provides anonymous ciphers to authenticate a client regardless of the client's configuration to verify the server's certificate or hostname. The vulnerability ...

7.4CVSS7AI score0.06201EPSS
Exploits0References26Affected Software3
Prion
Prion
added 2019/04/23 4:29 p.m.15 views

Code injection

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 C library and its language bindings can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...

5.8CVSS7AI score0.06201EPSS
Exploits0References18Affected Software9
OSV
OSV
added 2019/04/23 4:29 p.m.9 views

CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 C library and its language bindings can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...

7.4CVSS7AI score
Exploits0References18
Rows per page
Query Builder