Qpid Broker-j Security Vulnerabilities and Issues — Qpid Broker-j CVE List

Lucene search

ApacheQpid Broker-j

3 matches found

CVE•added 2017/12/01 3:29 p.m.•75 views

CVE-2017-15701

In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are ...

7.5CVSS7.4AI score0.02276EPSS

CVE•added 2017/05/15 2:29 p.m.•74 views

CVE-2016-8741

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Ja...

7.5CVSS7.3AI score0.00492EPSS

CVE•added 2017/12/01 3:29 p.m.•71 views

CVE-2017-15702

In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that ...

9.8CVSS9.6AI score0.03087EPSS