538 matches found
GHSA-MRGH-6X42-X6XF Improper Authentication in Apache Qpid
The default configuration for Apache Qpid 0.20 and earlier, when the federationtag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request...
Improper Authentication in Apache Qpid
The default configuration for Apache Qpid 0.20 and earlier, when the federationtag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request...
com.itv:bucky-example_2.11 (>=0.10 <=1.4.5), com.itv:bucky-example_2.12 (>=0.10 <=1.4.5) +4 more potentially affected by CVE-2016-8741 via org.apache.qpid:qpid-broker (=6.0.4)
org.apache.qpid:qpid-broker MAVEN version =6.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.qpid:qpid-broker and may be impacted: - com.itv:bucky-example2.11 =0.10, =0.10, =0.10, =0.10, =1.4.5 - com.itv:bucky-wiring2.11 =1.4.5 -...
GHSA-8VVH-CRQV-JM64 Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...
Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...
GHSA-PHW8-FW9G-V3XC Apache QPID Allows Remote Authentication Bypass
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication...
Apache QPID Allows Remote Authentication Bypass
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication...
GHSA-F38P-MQ64-H784 Improper Input Validation in Apache Qpid AMQP 0-x JMS
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...
Improper Input Validation in Apache Qpid AMQP 0-x JMS
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...
GHSA-3G2P-7C6P-VJ8C Apache Qpid Python client Improper certificate validation
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Apache Qpid Python client Improper certificate validation
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
RHEL 8 : Red Hat OpenStack Platform 16.1 (golang-qpid-apache) (RHSA-2022:0989)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0989 advisory. Golang binding library for qpid-proton Security Fixes: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (golang-qpid-apache) security update
An update for golang-qpid-apache is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 8 : Red Hat OpenStack Platform 16.2 (golang-qpid-apache) (RHSA-2022:0997)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0997 advisory. Golang binding library for qpid-proton Security Fixes: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (golang-qpid-apache) security update
An update for golang-qpid-apache is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2019-0223
A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...
Authentication Bypass
org.apache.qpid, qpid-broker is vulnerable to authentication bypass. The vulnerability exists due to the function TrustManger allowing all certificates to pass the verification...
CVE-2019-3845
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite or Capsule can use this flaw to access QMF methods to any host also registered to Satellite or Capsule and...
Denial Of Service (DoS)
apache qpid is vulnerable to denial of service. A flaw was found in the way Apache Qpid handled a request to redeclare an existing exchange while adding a new alternate exchange. If a remote, authenticated user issued such a request, the server would crash, resulting in the cluster shutting down...
Denial Of Service (DoS)
apache qpid is vulnerable to denial of service. A flaw was found in the way Apache Qpid handled the receipt of invalid AMQP data. A remote user could send invalid AMQP data to the server, causing it to crash, resulting in the cluster shutting down...