Lucene search
K

538 matches found

OSV
OSV
added 2022/05/17 5:13 a.m.21 views

GHSA-MRGH-6X42-X6XF Improper Authentication in Apache Qpid

The default configuration for Apache Qpid 0.20 and earlier, when the federationtag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request...

6.8CVSS6.7AI score0.04913EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/17 5:13 a.m.37 views

Improper Authentication in Apache Qpid

The default configuration for Apache Qpid 0.20 and earlier, when the federationtag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request...

6.8CVSS7.1AI score0.04913EPSS
Exploits0References6Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/17 2:24 a.m.9 views

com.itv:bucky-example_2.11 (>=0.10 <=1.4.5), com.itv:bucky-example_2.12 (>=0.10 <=1.4.5) +4 more potentially affected by CVE-2016-8741 via org.apache.qpid:qpid-broker (=6.0.4)

org.apache.qpid:qpid-broker MAVEN version =6.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.qpid:qpid-broker and may be impacted: - com.itv:bucky-example2.11 =0.10, =0.10, =0.10, =0.10, =1.4.5 - com.itv:bucky-wiring2.11 =1.4.5 -...

7.5CVSS6.7AI score0.06181EPSS
Exploits1
OSV
OSV
added 2022/05/17 2:24 a.m.24 views

GHSA-8VVH-CRQV-JM64 Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.5CVSS7.3AI score0.06181EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/17 2:24 a.m.33 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.5CVSS3.2AI score0.06181EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/05/17 1:44 a.m.18 views

GHSA-PHW8-FW9G-V3XC Apache QPID Allows Remote Authentication Bypass

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication...

5CVSS6.2AI score0.06394EPSS
Exploits1References10
Github Security Blog
Github Security Blog
added 2022/05/17 1:44 a.m.28 views

Apache QPID Allows Remote Authentication Bypass

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication...

5CVSS7AI score0.06394EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2022/05/14 2:46 a.m.21 views

GHSA-F38P-MQ64-H784 Improper Input Validation in Apache Qpid AMQP 0-x JMS

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...

7.5CVSS7.5AI score0.06192EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 2:46 a.m.30 views

Improper Input Validation in Apache Qpid AMQP 0-x JMS

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...

7.5CVSS2.7AI score0.06192EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/13 1:8 a.m.13 views

GHSA-3G2P-7C6P-VJ8C Apache Qpid Python client Improper certificate validation

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

8.7CVSS6.2AI score0.01573EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2022/05/13 1:8 a.m.24 views

Apache Qpid Python client Improper certificate validation

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS6.6AI score0.01573EPSS
Exploits0References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/03/25 12:0 a.m.52 views

RHEL 8 : Red Hat OpenStack Platform 16.1 (golang-qpid-apache) (RHSA-2022:0989)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0989 advisory. Golang binding library for qpid-proton Security Fixes: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet...

7.5CVSS7.1AI score0.03775EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/03/24 10:58 a.m.45 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (golang-qpid-apache) security update

An update for golang-qpid-apache is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.8AI score0.03775EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/03/24 12:0 a.m.43 views

RHEL 8 : Red Hat OpenStack Platform 16.2 (golang-qpid-apache) (RHSA-2022:0997)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0997 advisory. Golang binding library for qpid-proton Security Fixes: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet...

7.5CVSS7.1AI score0.03775EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/03/23 10:11 p.m.38 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (golang-qpid-apache) security update

An update for golang-qpid-apache is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.8AI score0.03775EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2021/03/21 12:8 a.m.24 views

CVE-2019-0223

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

7.4CVSS3.4AI score0.06201EPSS
Exploits0References3
Veracode
Veracode
added 2021/02/02 8:11 a.m.8 views

Authentication Bypass

org.apache.qpid, qpid-broker is vulnerable to authentication bypass. The vulnerability exists due to the function TrustManger allowing all certificates to pass the verification...

3.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2020/05/27 9:36 p.m.27 views

CVE-2019-3845

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite or Capsule can use this flaw to access QMF methods to any host also registered to Satellite or Capsule and...

8CVSS1.7AI score0.00692EPSS
Exploits0References2
Veracode
Veracode
added 2020/04/10 12:52 a.m.27 views

Denial Of Service (DoS)

apache qpid is vulnerable to denial of service. A flaw was found in the way Apache Qpid handled a request to redeclare an existing exchange while adding a new alternate exchange. If a remote, authenticated user issued such a request, the server would crash, resulting in the cluster shutting down...

4CVSS2AI score0.04086EPSS
Exploits0References11Affected Software16
Veracode
Veracode
added 2020/04/10 12:52 a.m.27 views

Denial Of Service (DoS)

apache qpid is vulnerable to denial of service. A flaw was found in the way Apache Qpid handled the receipt of invalid AMQP data. A remote user could send invalid AMQP data to the server, causing it to crash, resulting in the cluster shutting down...

5CVSS1.7AI score0.05927EPSS
Exploits0References10Affected Software16
Rows per page
Query Builder