MiracleLinux 4 : qpid-tools-0.14-6.AXS4, qpid-qmf-0.14-14.AXS4, qpid-cpp-0.14-22.AXS4, python-qpid-0.14-11.AXS4 (AXSA:2012-1014:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-1014:04 advisory. qpid-tools: Management and diagnostic tools for Apache Qpid brokers and clients. qpid-qmf-: An extensible management framework layered on Qpid messaging...

EUVD-2013-6294

Malware in sbrugna...

RHEL 6 : python-qpid (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-qpid: client does not validate qpid server TLS/SSL certificate CVE-2013-1909 Note that Nessus has not tested...

SUSE CVE-2013-6491

The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...

Man-in-the-Middle (MitM)

python-qpid is vulnerable to man-in-the-middle attack. SSL connections are not enforced when the qpidprotocol is set to SSL, which would allow a remote attacker to sniff network traffic in a man-in-the-middle attack to obtain confidential information...

Security Bulletin: IBM SmartCloud Orchestrator - OpenStack Compute SSL information disclosure (CVE-2013-6491)

Summary An attacker might exploit this vulnerability using man-in-the-middle techniques to obtain sensitive information. The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl. It allows remote attackers to...

Oracle: Security Advisory (ELSA-2012-1269)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 21 : qpid-cpp-0.32-4.fc21 (2015-9503)

Removed qpid-send and qpid-receive from qpid-cpp-client-devel. Include the qpid.tests module in python-qpid Bumped the release to force a build against Proton 0.9 in F22. Added qpidtoollibs to the qpid-tools package. Fixed path to qpid-ha in the systemd service descriptor. Resolves: BZ1186308 App...

Moderate: Red Hat Security Advisory: qpid security and bug fix update

Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

Important: Red Hat Security Advisory: openstack-ceilometer security and bug fix update

Updated OpenStack Telemetry packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which give...

DEBIAN-CVE-2013-6491

The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2013-6491

The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2013-6491

The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2013-6491

The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2013-6491

The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2013-6491

CVE-2013-6491 affects the OpenStack Oslo stack (OpenStack Nova) using the python-qpid client; specifically, the common/rpc/impl_qpid.py path does not enforce SSL when qpid_protocol is set to ssl, allowing remote attackers to sniff network traffic and obtain sensitive information. The root cause i...

UBUNTU-CVE-2013-6491

The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2013-6491

The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...

nova: qpid SSL configuration

The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...

python-qpid: client does not validate qpid server TLS/SSL certificate

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...