EUVD-2018-0658

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-3094

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of...

K23675185: Apache Qpid vulnerabilities CVE-2016-3094 and CVE-2016-4432

Security Advisory Description CVE-2016-3094 PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service broker termination via a crafted authentication attempt, which triggers an uncaught...

GHSA-Q66C-H853-GQW2 AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging...

Fedora Update for qpid-java FEDORA-2017-7b181f9c98

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 25 : qpid-java (2017-7b181f9c98)

fix CVE-2016-8741 rhbz1409836,1409835 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVE...

[SECURITY] Fedora 25 Update: qpid-java-6.0.4-5.fc25

Qpid Java offers an AMQP-fluent implementation of JMS and a message broker written in Java that stores, routes, and forwards messages using AMQP...

CVE-2016-4432

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging...

CVE-2016-3094

PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service broker termination via a crafted authentication attempt, which triggers an uncaught exception...

UBUNTU-CVE-2016-3094

PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service broker termination via a crafted authentication attempt, which triggers an uncaught exception...

Code injection

PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service broker termination via a crafted authentication attempt, which triggers an uncaught exception...

CVE-2016-3094

PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service broker termination via a crafted authentication attempt, which triggers an uncaught exception...

UBUNTU-CVE-2016-4432

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging...

CVE-2016-3094

PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service broker termination via a crafted authentication attempt, which triggers an uncaught exception...

CVE-2016-4432

CVE-2016-4432 affects Apache Qpid Java broker before 6.0.3. The AMQP 0-8/0-9/0-91/0-10 connection handling could allow remote attackers to bypass authentication and perform actions via vectors related to connection state logging. The connected documents corroborate the vulnerability in the Java b...

PT-2016-5956 · Apache · Apache Qpid Java

Name of the Vulnerable Software and Affected Versions: Apache Qpid Java versions prior to 6.0.3 Description: The issue concerns the AMQP 0-8, 0-9, 0-91, and 0-10 connection handling, which might allow remote attackers to bypass authentication. This could enable attackers to perform actions via...

PT-2016-5366 · Apache · Apache Qpid Java

Name of the Vulnerable Software and Affected Versions: Apache Qpid Java versions prior to 6.0.3 Description: The issue allows remote attackers to cause a denial of service, leading to broker termination, via a crafted authentication attempt. This occurs when the broker is configured to allow...

CVE-2016-4432

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging. Mitigation If upgrading is not possible, the vulnerability can be mitigate...

CVE-2016-3094

PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service broker termination via a crafted authentication attempt, which triggers an uncaught exception...

Apache Qpid Java Broker Authentication Bypass Vulnerability

Apache Qpid Java Broker is the United States Apache Apache Software Foundation developed a use of the Java language written for routing and forwarding mail message middleware. An authentication bypass vulnerability exists in Apache Qpid Java Broke. A remote attacker could exploit the vulnerabilit...