Apache Qpid Broker-J

8 matches found

CVE
added 2017/12/01 3:29 p.m., 75 views

CVE-2017-15701

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are ...

CVSS 7.5, AI score 7.4, EPSS 0.02276

CVE
added 2017/05/15 2:29 p.m., 74 views

CVE-2016-8741

The Apache Qpid Broker for Java can be configured to use different so-called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Ja...

CVSS 7.5, AI score 7.3, EPSS 0.00492

CVE
added 2017/12/01 3:29 p.m., 71 views

CVE-2017-15702

In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that ...

CVSS 9.8, AI score 9.6, EPSS 0.03087

CVE
added 2018/06/20 1:29 a.m., 70 views

CVE-2018-8030

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 ...

CVSS 7.5, AI score 7.3, EPSS 0.00906

CVE
added 2019/03/06 6:29 p.m., 70 views

CVE-2019-0200

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of ...

CVSS 7.5, AI score 7.5, EPSS 0.02923

CVE
added 2016/06/01 8:59 p.m., 67 views

CVE-2016-4432

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.

CVSS 9.1, AI score 9.1, EPSS 0.0047

CVE
added 2016/06/01 8:59 p.m., 57 views

CVE-2016-3094

PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.

CVSS 5.9, AI score 5.8, EPSS 0.00694

CVE
added 2018/02/09 2:29 p.m., 47 views

CVE-2018-1298

A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when the PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows an unauthenticated attacker to crash the broker instance. AMQP ...

CVSS 5.9, AI score 6.1, EPSS 0.01205