2 matches found
com.confluex:qpid-in-a-can (=0.2.0), com.dell.cpsd.common.messaging:common-testing (=1.5.0) +22 more potentially affected by CVE-2017-15702 via org.apache.qpid:qpid-broker (>=0.18 <=10.0.1)
org.apache.qpid:qpid-broker MAVEN version =0.18, =2.0.0, =1.0.0, =0.1, =0.1, =10.0.0, =0.18, =0.18, =0.18, =0.24 - org.apache.qpid:qpid-broker-plugins-amqp-0-10-protocol =0.24 - org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol =0.24 - org.apache.qpid:qpid-broker-plugins-amqp-1-0-protocol =0....
CVE-2017-15702
Apache Qpid Broker-J versions 0.18–0.32 are vulnerable to authentication port spoofing: if different authentication providers are configured on multiple ports and one is an HTTP port, a remote unauthenticated attacker connecting to the HTTP port can cause the broker to use the authentication prov...