Lucene search
K

282 matches found

RedhatCVE
RedhatCVE
added 2018/11/21 2:19 a.m.28 views

CVE-2018-17187

The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...

7.4CVSS0.9AI score0.02539EPSS
Exploits0References2
Prion
Prion
added 2018/11/13 3:29 p.m.17 views

Default configuration

The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...

5.8CVSS7.3AI score0.02539EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2018/11/13 3:29 p.m.13 views

CVE-2018-17187

The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...

7.4CVSS7.3AI score0.02539EPSS
Exploits0References4
OSV
OSV
added 2018/11/13 3:29 p.m.19 views

CVE-2018-17187

The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...

7.4CVSS7.4AI score0.02539EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2018/11/13 3:0 p.m.19 views

CVE-2018-17187

The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...

7.4CVSS7.3AI score0.02539EPSS
Exploits0
OSV
OSV
added 2018/10/19 4:41 p.m.24 views

GHSA-6W3V-66MJ-2QM6 Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j

A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQ...

5.9CVSS6.1AI score0.02373EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2018/10/19 4:41 p.m.34 views

Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j

A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQ...

5.9CVSS2.3AI score0.02373EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/19 4:41 p.m.31 views

Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 inclusive the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are...

7.5CVSS4.1AI score0.04389EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2018/10/19 4:41 p.m.5 views

GHSA-4R7G-7CPJ-5JR7 Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 inclusive the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are...

7.5CVSS5.9AI score0.04389EPSS
Exploits0References7
OSV
OSV
added 2018/10/19 4:41 p.m.23 views

GHSA-269M-695X-J34P Apache Qpid Broker vulnerable to authentication port spoofing

Apache Qpid Broker-J versions 0.18 through 0.32 are vulnerable to authentication port spoofing. When the broker is configured with different authentication providers on different ports, one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to...

9.8CVSS9.7AI score0.06214EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2018/10/19 4:41 p.m.33 views

Apache Qpid Broker vulnerable to authentication port spoofing

Apache Qpid Broker-J versions 0.18 through 0.32 are vulnerable to authentication port spoofing. When the broker is configured with different authentication providers on different ports, one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to...

9.8CVSS1.9AI score0.06214EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 7:50 p.m.36 views

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.x before 7.1.0 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit 100MB by default. The broker crashes due to the defect. AMQP protocols 0-10 and...

7.5CVSS7.4AI score0.03977EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2018/10/16 7:50 p.m.31 views

GHSA-7XR3-RGWH-PW22 Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.x before 7.1.0 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit 100MB by default. The broker crashes due to the defect. AMQP protocols 0-10 and...

7.5CVSS7.3AI score0.03977EPSS
Exploits0References7
OSV
OSV
added 2018/10/16 7:50 p.m.21 views

GHSA-F5CF-F7PX-XPMH Moderate severity vulnerability that affects org.apache.qpid:proton-j

The 1 proton.reactor.Connector, 2 proton.reactor.Container, and 3 proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain...

6.5CVSS6.6AI score0.04267EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2018/10/16 7:50 p.m.32 views

Moderate severity vulnerability that affects org.apache.qpid:proton-j

The 1 proton.reactor.Connector, 2 proton.reactor.Container, and 3 proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain...

6.5CVSS5.2AI score0.04267EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 7:50 p.m.40 views

Improper Input Validation in org.apache.qpid:qpid-broker

PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service broker termination via a crafted authentication attempt, which triggers an uncaught exception...

5.9CVSS6AI score0.07829EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/16 7:49 p.m.32 views

AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging...

9.1CVSS5.4AI score0.08148EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2018/10/16 7:49 p.m.2 views

GHSA-Q66C-H853-GQW2 AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging...

9.1CVSS5.9AI score0.08148EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2018/10/16 7:49 p.m.5 views

com.confluex:qpid-in-a-can (=0.2.0), com.dell.cpsd.common.messaging:common-testing (=1.5.0) +22 more potentially affected by CVE-2016-4432 via org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol (>=0.24 <=6.0.2)

org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol MAVEN version =0.24, =2.0.0, =1.0.0, =0.1, =0.1, =10.0.0, =0.24, =0.24, =0.24, =10.0.0, =10.0.1 and more Source cves: CVE-2016-4432 Source advisory: OSV:GHSA-Q66C-H853-GQW2...

9.1CVSS7.2AI score0.08148EPSS
Exploits0
NVD
NVD
added 2018/06/20 1:29 a.m.24 views

CVE-2018-8030

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit 100MB by default. The broker crashes due to the defect. AMQP protocols 0-10 and 1.0...

7.5CVSS7.4AI score0.03977EPSS
Exploits0References2
Rows per page
Query Builder