Lucene search
K

282 matches found

UbuntuCve
UbuntuCve
added 2019/04/23 4:29 p.m.37 views

CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 C library and its language bindings can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...

7.4CVSS6.8AI score0.06201EPSS
Exploits0References14
OSV
OSV
added 2019/04/23 4:29 p.m.10 views

CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 C library and its language bindings can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...

7.4CVSS7AI score
Exploits0References18
CVE
CVE
added 2019/04/23 3:57 p.m.192 views

CVE-2019-0223

CVE-2019-0223 concerns Apache Qpid Proton (C library and bindings) versions 0.9–0.27.0. Under TLS with OpenSSL versions before 1.1.0, a peer could be connected anonymously even when peer cert verification is configured, enabling a potential undetected man-in-the-middle attack if TLS traffic is in...

7.4CVSS7AI score0.06201EPSS
Exploits0References18Affected Software1
Debian CVE
Debian CVE
added 2019/04/23 3:57 p.m.41 views

CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 C library and its language bindings can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...

7.4CVSS6.5AI score0.06201EPSS
Exploits0
Cvelist
Cvelist
added 2019/04/23 3:57 p.m.45 views

CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 C library and its language bindings can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...

7.1AI score0.06201EPSS
Exploits0References18
BDU FSTEC
BDU FSTEC
added 2019/03/22 12:0 a.m.5 views

The vulnerability of the Apache Qpid Broker-J messaging system, which exists due to insufficient validation of input data, allows a perpetrator to trigger a service failure.

The Apache Qpid Broker-J system has vulnerabilities due to insufficient validation of input data. Exploiting these vulnerabilities can allow a malicious actor to cause service failures remotely...

7.8CVSS7.2AI score0.03815EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/03/07 6:48 p.m.20 views

GHSA-C9H6-XHG9-XXRV Improper Input Validation in Apache Qpid Broker-J

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 inclusive and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 AMQP 0-8, 0-9, 0-91 and 0-10. Users of...

7.5CVSS7.5AI score0.03815EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2019/03/07 6:48 p.m.49 views

Improper Input Validation in Apache Qpid Broker-J

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 inclusive and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 AMQP 0-8, 0-9, 0-91 and 0-10. Users of...

7.5CVSS4.7AI score0.03815EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2019/03/06 6:29 p.m.13 views

Denial of service

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 inclusive and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 AMQP 0-8, 0-9, 0-91 and 0-10. Users of...

5CVSS7.6AI score0.03815EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/03/06 6:29 p.m.15 views

CVE-2019-0200

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 inclusive and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 AMQP 0-8, 0-9, 0-91 and 0-10. Users of...

7.5CVSS7.6AI score
Exploits0References2
CVE
CVE
added 2019/03/06 6:0 p.m.83 views

CVE-2019-0200

Apache Qpid Broker-J is affected by a Denial of Service (DoS) vulnerability CVE-2019-0200 in versions 6.0.0–7.0.6 inclusive and 7.1.0. An unauthenticated attacker can crash the broker by sending specially crafted commands over AMQP protocol versions below 1.0 (0-8, 0-9, 0-91, 0-10). Remediation: ...

7.5CVSS7.5AI score0.03815EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/03/06 6:0 p.m.30 views

CVE-2019-0200

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 inclusive and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 AMQP 0-8, 0-9, 0-91 and 0-10. Users of...

7.6AI score0.03815EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/03/06 12:0 a.m.6 views

PT-2019-2586 · Apache +1 · Apache Qpid Proton +1

Name of the Vulnerable Software and Affected Versions: Apache Qpid Proton versions 0.9 through 0.27.0 Description: The issue is related to errors in the certificate authentication procedure, allowing a remote attacker to implement a man-in-the-middle attack and intercept TLS traffic by anonymousl...

7.4CVSS6.4AI score0.06201EPSS
Exploits0References47
CNVD
CNVD
added 2019/03/05 12:0 a.m.5 views

Apache Qpid Broker-J Denial of Service Vulnerability

Apache Qpid is an object-oriented messaging middleware from the Apache Apache Software Foundation. The product is an AMQP Advanced Message Queuing Protocol implementation that can communicate with AMQP-compliant systems and provides a client library in C++, Python, Java, C and other programming...

7.5CVSS7AI score0.03815EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/03/04 2:50 p.m.32 views

CVE-2019-0200

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 inclusive and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 AMQP 0-8, 0-9, 0-91 and 0-10. Users of...

7.5CVSS4.7AI score0.03815EPSS
Exploits0References2
Veracode
Veracode
added 2019/01/15 9:4 a.m.26 views

Denial Of Service (DoS0

qpid-cpp-mrg is vulnerable to denial of service DoS attacks. The vulnerability exists as the qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service daemon crash via an AMQP message with 1 an invalid range in a sequence set, 2 content-bearing...

6.5CVSS6.2AI score0.08682EPSS
Exploits0References7Affected Software53
Veracode
Veracode
added 2019/01/15 8:58 a.m.22 views

Authentication Bypass

qpid is vulnerable to authentication bypass attacks. The vulnerability exists as the default configuration for Apache Qpid 0.20 and earlier, when the federationtag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass...

6.8CVSS6.5AI score0.04913EPSS
Exploits0References47Affected Software14
Veracode
Veracode
added 2019/01/15 8:57 a.m.23 views

Denial Of Service (DoS)

qpid is vulnerable to denial of service DoS attacks. The vulnerability exists as Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service file descriptor consumption via a large number of incomplete connections...

5CVSS5.8AI score0.04236EPSS
Exploits0References13Affected Software14
OSV
OSV
added 2018/11/21 10:22 p.m.21 views

GHSA-XVCH-R4WF-H8W9 Improper Certificate Validation in proton-j

The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...

7.4CVSS7.3AI score0.02539EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2018/11/21 10:22 p.m.20 views

Improper Certificate Validation in proton-j

The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...

7.4CVSS1.1AI score0.02539EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder