MiracleLinux 4 : qpid-tools-0.14-6.AXS4, qpid-qmf-0.14-14.AXS4, qpid-cpp-0.14-22.AXS4, python-qpid-0.14-11.AXS4 (AXSA:2012-1014:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-1014:04 advisory. qpid-tools: Management and diagnostic tools for Apache Qpid brokers and clients. qpid-qmf-: An extensible management framework layered on Qpid messaging...

EUVD-2013-6294

Malware in sbrugna...

SUSE CVE-2013-6491

The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...

Security Bulletin: IBM SmartCloud Orchestrator - OpenStack Compute SSL information disclosure (CVE-2013-6491)

Summary An attacker might exploit this vulnerability using man-in-the-middle techniques to obtain sensitive information. The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl. It allows remote attackers to...

CVE-2013-6491

The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...

nova: qpid SSL configuration

The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...

python-qpid: client does not validate qpid server TLS/SSL certificate

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...