282 matches found
CVE-2018-17187
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...
Default configuration
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...
CVE-2018-17187
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...
CVE-2018-17187
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...
CVE-2018-17187
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...
GHSA-6W3V-66MJ-2QM6 Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQ...
Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQ...
Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption
In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 inclusive the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are...
GHSA-4R7G-7CPJ-5JR7 Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption
In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 inclusive the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are...
GHSA-269M-695X-J34P Apache Qpid Broker vulnerable to authentication port spoofing
Apache Qpid Broker-J versions 0.18 through 0.32 are vulnerable to authentication port spoofing. When the broker is configured with different authentication providers on different ports, one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to...
Apache Qpid Broker vulnerable to authentication port spoofing
Apache Qpid Broker-J versions 0.18 through 0.32 are vulnerable to authentication port spoofing. When the broker is configured with different authentication providers on different ports, one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to...
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.x before 7.1.0 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit 100MB by default. The broker crashes due to the defect. AMQP protocols 0-10 and...
GHSA-7XR3-RGWH-PW22 Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.x before 7.1.0 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit 100MB by default. The broker crashes due to the defect. AMQP protocols 0-10 and...
GHSA-F5CF-F7PX-XPMH Moderate severity vulnerability that affects org.apache.qpid:proton-j
The 1 proton.reactor.Connector, 2 proton.reactor.Container, and 3 proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain...
Moderate severity vulnerability that affects org.apache.qpid:proton-j
The 1 proton.reactor.Connector, 2 proton.reactor.Container, and 3 proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain...
Improper Input Validation in org.apache.qpid:qpid-broker
PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service broker termination via a crafted authentication attempt, which triggers an uncaught exception...
AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication
The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging...
GHSA-Q66C-H853-GQW2 AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication
The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging...
com.confluex:qpid-in-a-can (=0.2.0), com.dell.cpsd.common.messaging:common-testing (=1.5.0) +22 more potentially affected by CVE-2016-4432 via org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol (>=0.24 <=6.0.2)
org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol MAVEN version =0.24, =2.0.0, =1.0.0, =0.1, =0.1, =10.0.0, =0.24, =0.24, =0.24, =10.0.0, =10.0.1 and more Source cves: CVE-2016-4432 Source advisory: OSV:GHSA-Q66C-H853-GQW2...
CVE-2018-8030
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit 100MB by default. The broker crashes due to the defect. AMQP protocols 0-10 and 1.0...