All the vulnerabilities related to apache - qpid
cve-2012-2145
Vulnerability from cvelistv5
Published: 2012-09-28 15:00
Modified: 2024-08-06 19:26
Summary
Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
References
URL | Tags
---|---
https://issues.apache.org/jira/browse/QPID-4021 | x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2012-1277.html | vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2012-1269.html | vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/50699 | third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/50698 | third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/78730 | vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/55608 | vdb-entry, x_refsource_BID
http://secunia.com/advisories/50573 | third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=817175 | x_refsource_MISC
https://issues.apache.org/jira/browse/QPID-2616 | x_refsource_MISC
cve-2015-0203
Vulnerability from cvelistv5
Published: 2018-02-21 15:00
Modified: 2024-08-06 04:03
Summary
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.
References
URL | Tags
---|---
https://access.redhat.com/errata/RHBA-2016:1500 | vendor-advisory, x_refsource_REDHAT
https://issues.apache.org/jira/browse/QPID-6310 | x_refsource_CONFIRM
https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html | x_refsource_MISC
http://www.securityfocus.com/bid/72030 | vdb-entry, x_refsource_BID
cve-2009-5005
Vulnerability from cvelistv5
Published: 2010-10-18 16:00
Modified: 2024-08-07 07:24
Summary
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
References
URL | Tags
---|---
https://rhn.redhat.com/errata/RHSA-2010-0774.html | vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=642373 | x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/2684 | vdb-entry, x_refsource_VUPEN
http://svn.apache.org/viewvc?revision=785788&view=revision | x_refsource_CONFIRM
http://secunia.com/advisories/41812 | third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/41710 | third-party-advisory, x_refsource_SECUNIA
https://rhn.redhat.com/errata/RHSA-2010-0773.html | vendor-advisory, x_refsource_REDHAT
cve-2019-0223
Vulnerability from cvelistv5
Published: 2019-04-23 15:57
Modified: 2024-08-04 17:44
Summary
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
References
Impacted products
Vendor | Product | Version
---|---|---
Apache Software Foundation | Apache Qpid Proton | 0.9 to 0.27.0
cve-2012-3467
Vulnerability from cvelistv5
Published: 2012-08-27 23:00
Modified: 2024-08-06 20:05
Summary
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
References
URL | Tags
---|---
http://svn.apache.org/viewvc?view=revision&revision=1352992 | x_refsource_CONFIRM
http://secunia.com/advisories/50186 | third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/54954 | vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2012-1279.html | vendor-advisory, x_refsource_REDHAT
https://issues.apache.org/jira/browse/QPID-3849 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/77568 | vdb-entry, x_refsource_XF
http://rhn.redhat.com/errata/RHSA-2012-1277.html | vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/50698 | third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=836276 | x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/08/09/6 | mailing-list, x_refsource_MLIST
cve-2010-3083
Vulnerability from cvelistv5
Published: 2010-10-12 20:00
Modified: 2024-08-07 02:55
Summary
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
References
URL | Tags |
---|---|
http://www.redhat.com/support/errata/RHSA-2010-0756.html | vendor-advisory, x_refsource_REDHAT |
http://www.openwall.com/lists/oss-security/2010/10/08/1 | mailing-list, x_refsource_MLIST |
https://bugzilla.redhat.com/show_bug.cgi?id=632657 | x_refsource_CONFIRM |
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch | x_refsource_CONFIRM |
http://secunia.com/advisories/41710 | third-party-advisory, x_refsource_SECUNIA |
http://www.redhat.com/support/errata/RHSA-2010-0757.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:55:46.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2010:0756", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html" }, { "name": "[oss-security] 20101007 qpidd SSL connection DoS (CVE-2010-3083)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/08/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=632657" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291\u0026r2=790290\u0026pathrev=790291\u0026view=patch" }, { "name": "41710", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41710" }, { "name": "RHSA-2010:0757", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-10-07T00:00:00", "descriptions": [ { "lang": "en", "value": "sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-10-20T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2010:0756", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html" }, { "name": "[oss-security] 20101007 qpidd SSL connection DoS (CVE-2010-3083)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/10/08/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=632657" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291\u0026r2=790290\u0026pathrev=790291\u0026view=patch" }, { "name": "41710", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41710" }, { "name": "RHSA-2010:0757", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-3083", "datePublished": "2010-10-12T20:00:00", "dateReserved": "2010-08-20T00:00:00", "dateUpdated": "2024-08-07T02:55:46.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3629
Vulnerability from cvelistv5
Published: 2014-11-17 16:00
Modified: 2024-08-06 10:50
Summary
XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/98575 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/533943/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/71004 | vdb-entry, x_refsource_BID | |
http://packetstormsecurity.com/files/129034/Apache-Qpid-0.30-Induced-HTTP-Requests.html | x_refsource_MISC | |
http://secunia.com/advisories/62235 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:18.178Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "apache-qpid-cve20143629-info-disc(98575)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98575" }, { "name": "20141107 CVE-2014-3629: Apache Qpid\u0027s qpidd can be induced to make http requests", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/533943/100/0/threaded" }, { "name": "71004", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71004" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/129034/Apache-Qpid-0.30-Induced-HTTP-Requests.html" }, { "name": "62235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62235" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-11-07T00:00:00", "descriptions": [ { "lang": "en", "value": "XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "apache-qpid-cve20143629-info-disc(98575)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98575" }, { "name": "20141107 CVE-2014-3629: Apache Qpid\u0027s qpidd can be induced to make http requests", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/533943/100/0/threaded" }, { "name": "71004", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71004" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/129034/Apache-Qpid-0.30-Induced-HTTP-Requests.html" }, { "name": "62235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62235" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3629", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "apache-qpid-cve20143629-info-disc(98575)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98575" }, { "name": "20141107 CVE-2014-3629: Apache Qpid\u0027s qpidd can be induced to make http requests", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533943/100/0/threaded" }, { "name": "71004", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71004" }, { "name": "http://packetstormsecurity.com/files/129034/Apache-Qpid-0.30-Induced-HTTP-Requests.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/129034/Apache-Qpid-0.30-Induced-HTTP-Requests.html" }, { "name": "62235", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62235" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3629", "datePublished": "2014-11-17T16:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:18.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-0223
Vulnerability from cvelistv5
Published: 2015-02-02 16:00
Modified: 2024-08-06 04:03
Summary
Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHBA-2016:1500 | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/72319 | vdb-entry, x_refsource_BID | |
http://seclists.org/bugtraq/2015/Jan/122 | mailing-list, x_refsource_BUGTRAQ | |
http://packetstormsecurity.com/files/130106/Apache-Qpid-0.30-Anonymous-Action-Prevention.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:03:10.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHBA-2016:1500", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2016:1500" }, { "name": "72319", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/72319" }, { "name": "20150126 CVE-2015-0223: anonymous access to qpidd cannot be prevented", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/bugtraq/2015/Jan/122" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/130106/Apache-Qpid-0.30-Anonymous-Action-Prevention.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHBA-2016:1500", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2016:1500" }, { "name": "72319", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/72319" }, { "name": "20150126 CVE-2015-0223: anonymous access to qpidd cannot be prevented", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/bugtraq/2015/Jan/122" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/130106/Apache-Qpid-0.30-Anonymous-Action-Prevention.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0223", "datePublished": "2015-02-02T16:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T04:03:10.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-1909
Vulnerability from cvelistv5
Published: 2013-08-23 16:00
Modified: 2024-09-16 17:42
Summary
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/53968 | third-party-advisory, x_refsource_SECUNIA | |
http://svn.apache.org/viewvc?view=revision&revision=1460013 | x_refsource_CONFIRM | |
https://issues.apache.org/jira/browse/QPID-4918 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2013-1024.html | vendor-advisory, x_refsource_REDHAT | |
http://qpid.apache.org/releases/qpid-0.22/release-notes.html | x_refsource_CONFIRM | |
http://secunia.com/advisories/54137 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:20:37.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "53968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53968" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1460013" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/QPID-4918" }, { "name": "RHSA-2013:1024", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1024.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://qpid.apache.org/releases/qpid-0.22/release-notes.html" }, { "name": "54137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54137" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-08-23T16:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "53968", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53968" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1460013" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/browse/QPID-4918" }, { "name": "RHSA-2013:1024", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1024.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://qpid.apache.org/releases/qpid-0.22/release-notes.html" }, { "name": "54137", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54137" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1909", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "53968", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53968" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1460013", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1460013" }, { "name": "https://issues.apache.org/jira/browse/QPID-4918", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/QPID-4918" }, { "name": "RHSA-2013:1024", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1024.html" }, { "name": "http://qpid.apache.org/releases/qpid-0.22/release-notes.html", "refsource": "CONFIRM", "url": "http://qpid.apache.org/releases/qpid-0.22/release-notes.html" }, { "name": "54137", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54137" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1909", "datePublished": "2013-08-23T16:00:00Z", "dateReserved": "2013-02-19T00:00:00Z", "dateUpdated": "2024-09-16T17:42:38.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-4446
Vulnerability from cvelistv5
Published: 2013-03-12 15:00
Modified: 2024-09-16 18:34
Summary
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
References
▼ | URL | Tags |
---|---|---|
https://issues.apache.org/jira/browse/QPID-4631 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2013-0561.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2013-0562.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=851355 | x_refsource_MISC | |
http://secunia.com/advisories/52516 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:35:09.921Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/QPID-4631" }, { "name": "RHSA-2013:0561", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "name": "RHSA-2013:0562", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851355" }, { "name": "52516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52516" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-12T15:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/browse/QPID-4631" }, { "name": "RHSA-2013:0561", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "name": "RHSA-2013:0562", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851355" }, { "name": "52516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52516" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4446", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://issues.apache.org/jira/browse/QPID-4631", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/QPID-4631" }, { "name": "RHSA-2013:0561", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "name": "RHSA-2013:0562", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=851355", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851355" }, { "name": "52516", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52516" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4446", "datePublished": "2013-03-12T15:00:00Z", "dateReserved": "2012-08-21T00:00:00Z", "dateUpdated": "2024-09-16T18:34:59.045Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-4458
Vulnerability from cvelistv5
Published: 2013-03-12 15:00
Modified: 2024-09-17 02:57
Summary
The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=861234 | x_refsource_MISC | |
https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2013-0561.html | vendor-advisory, x_refsource_REDHAT | |
https://issues.apache.org/jira/browse/QPID-4629 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2013-0562.html | vendor-advisory, x_refsource_REDHAT | |
http://svn.apache.org/viewvc?view=revision&revision=1453031 | x_refsource_CONFIRM | |
http://secunia.com/advisories/52516 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:35:09.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861234" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" }, { "name": "RHSA-2013:0561", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/QPID-4629" }, { "name": "RHSA-2013:0562", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031" }, { "name": "52516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52516" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-12T15:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861234" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" }, { "name": "RHSA-2013:0561", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/browse/QPID-4629" }, { "name": "RHSA-2013:0562", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031" }, { "name": "52516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52516" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4458", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=861234", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861234" }, { "name": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" }, { "name": "RHSA-2013:0561", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "name": "https://issues.apache.org/jira/browse/QPID-4629", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/QPID-4629" }, { "name": "RHSA-2013:0562", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031" }, { "name": "52516", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52516" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4458", "datePublished": "2013-03-12T15:00:00Z", "dateReserved": "2012-08-21T00:00:00Z", "dateUpdated": "2024-09-17T02:57:32.238Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-4460
Vulnerability from cvelistv5
Published: 2013-03-12 15:00
Modified: 2024-08-06 20:35
Summary
The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=861242 | x_refsource_MISC | |
https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID | x_refsource_CONFIRM | |
https://issues.apache.org/jira/browse/QPID-4629 | x_refsource_CONFIRM | |
http://svn.apache.org/viewvc?view=revision&revision=1453031 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:35:09.785Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861242" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/QPID-4629" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-12T15:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861242" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/browse/QPID-4629" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4460", "datePublished": "2013-03-12T15:00:00Z", "dateReserved": "2012-08-21T00:00:00Z", "dateUpdated": "2024-08-06T20:35:09.785Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-0224
Vulnerability from cvelistv5
Published
2017-10-30 14:00
Modified
2024-08-06 04:03
Summary
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:03:10.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHBA-2016:1500", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2016:1500" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/QPID-6310" }, { "name": "1031872", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031872" }, { "name": "RHSA-2015:0708", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2015:0708" }, { "name": "72317", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/72317" }, { "name": "RHSA-2015:0661", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0661.html" }, { "name": "20150126 CVE-2015-0224: qpidd can be crashed by unauthenticated user", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/534545/100/0/threaded" }, { "name": "RHSA-2015:0662", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0662.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/130105/Apache-Qpid-0.30-Crash.html" }, { "name": "[www-announce] 20150126 CVE-2015-0224: qpidd can be crashed by unauthenticated user", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201501.mbox/%3C54C60497.5060504%40apache.org%3E" }, { "name": "RHSA-2015:0660", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0660.html" }, { 
"tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186302" }, { "name": "FEDORA-2016-120b194a75", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178606.html" }, { "name": "RHSA-2015:0707", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0707.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHBA-2016:1500", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2016:1500" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/browse/QPID-6310" }, { "name": "1031872", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031872" }, { "name": "RHSA-2015:0708", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2015:0708" }, { "name": "72317", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/72317" }, { "name": "RHSA-2015:0661", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0661.html" }, { "name": "20150126 CVE-2015-0224: qpidd 
can be crashed by unauthenticated user", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/534545/100/0/threaded" }, { "name": "RHSA-2015:0662", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0662.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/130105/Apache-Qpid-0.30-Crash.html" }, { "name": "[www-announce] 20150126 CVE-2015-0224: qpidd can be crashed by unauthenticated user", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201501.mbox/%3C54C60497.5060504%40apache.org%3E" }, { "name": "RHSA-2015:0660", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0660.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186302" }, { "name": "FEDORA-2016-120b194a75", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178606.html" }, { "name": "RHSA-2015:0707", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0707.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0224", "datePublished": "2017-10-30T14:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T04:03:10.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-4459
Vulnerability from cvelistv5
Published
2013-03-12 15:00
Modified
2024-09-16 17:27
Summary
Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
References
URL | Tags
---|---
https://bugzilla.redhat.com/show_bug.cgi?id=861241 | x_refsource_MISC
https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID | x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-0561.html | vendor-advisory, x_refsource_REDHAT
https://issues.apache.org/jira/browse/QPID-4629 | x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-0562.html | vendor-advisory, x_refsource_REDHAT
http://svn.apache.org/viewvc?view=revision&revision=1453031 | x_refsource_CONFIRM
http://secunia.com/advisories/52516 | third-party-advisory, x_refsource_SECUNIA
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:35:09.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861241" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" }, { "name": "RHSA-2013:0561", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/QPID-4629" }, { "name": "RHSA-2013:0562", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031" }, { "name": "52516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52516" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-12T15:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861241" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" }, { "name": "RHSA-2013:0561", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/browse/QPID-4629" }, { "name": "RHSA-2013:0562", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031" }, { "name": "52516", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52516" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4459", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=861241", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861241" }, { "name": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" }, { "name": "RHSA-2013:0561", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "name": "https://issues.apache.org/jira/browse/QPID-4629", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/QPID-4629" }, { "name": "RHSA-2013:0562", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031" }, { "name": "52516", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52516" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4459", "datePublished": "2013-03-12T15:00:00Z", "dateReserved": "2012-08-21T00:00:00Z", "dateUpdated": "2024-09-16T17:27:46.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-5006
Vulnerability from cvelistv5
Published
2010-10-18 16:00
Modified
2024-08-07 07:24
Summary
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
References
URL | Tags
---|---
https://rhn.redhat.com/errata/RHSA-2010-0774.html | vendor-advisory, x_refsource_REDHAT
http://svn.apache.org/viewvc?revision=811188&view=revision | x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/2684 | vdb-entry, x_refsource_VUPEN
https://issues.apache.org/jira/browse/QPID-2080 | x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=642377 | x_refsource_CONFIRM
http://secunia.com/advisories/41812 | third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/41710 | third-party-advisory, x_refsource_SECUNIA
https://rhn.redhat.com/errata/RHSA-2010-0773.html | vendor-advisory, x_refsource_REDHAT
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:24:53.800Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2010:0774", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0774.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?revision=811188\u0026view=revision" }, { "name": "ADV-2010-2684", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2684" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/QPID-2080" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642377" }, { "name": "41812", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41812" }, { "name": "41710", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41710" }, { "name": "RHSA-2010:0773", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0773.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-10-18T16:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2010:0774", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0774.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?revision=811188\u0026view=revision" }, { "name": "ADV-2010-2684", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2684" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/browse/QPID-2080" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642377" }, { "name": "41812", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41812" }, { "name": "41710", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41710" }, { "name": "RHSA-2010:0773", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0773.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-5006", "datePublished": "2010-10-18T16:00:00Z", "dateReserved": "2010-10-12T00:00:00Z", "dateUpdated": "2024-08-07T07:24:53.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3620
Vulnerability from cvelistv5
Published
2012-05-03 23:00
Modified
2024-08-06 23:37
Summary
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
References
URL | Tags
---|---
http://secunia.com/advisories/49000 | third-party-advisory, x_refsource_SECUNIA
https://issues.apache.org/jira/browse/QPID-3652 | x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=747078 | x_refsource_CONFIRM
https://reviews.apache.org/r/2988/ | x_refsource_CONFIRM
http://www.securitytracker.com/id?1026990 | vdb-entry, x_refsource_SECTRACK
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:37:48.662Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49000", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49000" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/QPID-3652" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747078" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://reviews.apache.org/r/2988/" }, { "name": "1026990", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026990" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-09T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "49000", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49000" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/browse/QPID-3652" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747078" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://reviews.apache.org/r/2988/" }, { "name": "1026990", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026990" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3620", "datePublished": "2012-05-03T23:00:00", "dateReserved": "2011-09-21T00:00:00", "dateUpdated": "2024-08-06T23:37:48.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2012-05-03 23:55
Modified
2024-11-21 01:30
Summary
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "C584B299-0BB9-4B4F-B0BC-11DE222F1F17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username." }, { "lang": "es", "value": "Apache Qpid v0.12 no verifica correctamente las credenciales durante la uni\u00f3n de un grupo, lo que permite a atacantes remotos obtener acceso a la funcionalidad de mensajer\u00eda y funcionalidad de trabajo de un grupo mediante el aprovechamiento de los conocimientos, nombre de usuario." } ], "id": "CVE-2011-3620", "lastModified": "2024-11-21T01:30:51.890", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-05-03T23:55:01.027", "references": [ { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/49000" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1026990" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747078" }, { "source": "secalert@redhat.com", "url": "https://issues.apache.org/jira/browse/QPID-3652" }, { "source": "secalert@redhat.com", "url": 
"https://reviews.apache.org/r/2988/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1026990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/jira/browse/QPID-3652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://reviews.apache.org/r/2988/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-02-02 16:59
Modified
2024-11-21 02:22
Summary
Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4645364-B558-4FE8-A229-EEAD95CF0F35", "versionEndIncluding": "0.30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Apache Qpid 0.30 y anteriores permite a atacantes remotos evadir las restricciones de acceso sobre qpidd a trav\u00e9s de vectores desconocidos, relacionado con el manejo de conexiones 0-10." } ], "id": "CVE-2015-0223", "lastModified": "2024-11-21T02:22:35.243", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-02-02T16:59:03.567", "references": [ { "source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/130106/Apache-Qpid-0.30-Anonymous-Action-Prevention.html" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/bugtraq/2015/Jan/122" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/72319" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHBA-2016:1500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://packetstormsecurity.com/files/130106/Apache-Qpid-0.30-Anonymous-Action-Prevention.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/bugtraq/2015/Jan/122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHBA-2016:1500" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-18 17:00
Modified
2024-11-21 01:10
Summary
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
Impacted products
Vendor | Product | Version
---|---|---
apache | qpid | *
redhat | enterprise_mrg | *
redhat | enterprise_mrg | 1.0
redhat | enterprise_mrg | 1.0.1
redhat | enterprise_mrg | 1.0.2
redhat | enterprise_mrg | 1.0.3
redhat | enterprise_mrg | 1.1.1
redhat | enterprise_mrg | 1.1.2
redhat | enterprise_mrg | 1.2
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "63A5CF09-B7B3-4E40-8546-11230A9B7755", "versionEndIncluding": "0.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:*:*:*:*:*:*:*:*", "matchCriteriaId": "059C1E78-7197-4A08-9E1A-138F82F949EE", "versionEndIncluding": "1.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB4E172C-4FBD-40AA-91F1-2858A74C5483", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8A4D28-0EC4-4584-9126-A47003CD06AE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "12EE56E2-D7B7-4BF6-BC1F-86B8EE77F064", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F9A3A7B-4A61-4F2C-A8F9-D428B690294E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "73C6E954-7BBE-4214-9407-86322372FCB2", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "ED639614-7AE8-4DDE-9FE3-1554FE59202C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD09E081-B714-45A1-ACBB-28D805BFD01C", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data." 
}, { "lang": "es", "value": "La funci\u00f3n Cluster::deliveredEvent de cluster/Cluster.cpp de Apache Qpid, tal como es utilizada en Red Hat Enterprise MRG en versiones anteriores a la v1.3 y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio y del cluster) a trav\u00e9s de datos AMQP inv\u00e1lidos." } ], "id": "CVE-2009-5005", "lastModified": "2024-11-21T01:10:58.290", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-18T17:00:02.457", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41710" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41812" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?revision=785788\u0026view=revision" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2684" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642373" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0773.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0774.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "http://secunia.com/advisories/41710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?revision=785788\u0026view=revision" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642373" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0773.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0774.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-18 17:00
Modified
2024-11-21 01:10
Summary
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
Impacted products
Vendor | Product | Version
---|---|---
apache | qpid | *
redhat | enterprise_mrg | *
redhat | enterprise_mrg | 1.0
redhat | enterprise_mrg | 1.0.1
redhat | enterprise_mrg | 1.0.2
redhat | enterprise_mrg | 1.0.3
redhat | enterprise_mrg | 1.1.1
redhat | enterprise_mrg | 1.1.2
redhat | enterprise_mrg | 1.2
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "63A5CF09-B7B3-4E40-8546-11230A9B7755", "versionEndIncluding": "0.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:*:*:*:*:*:*:*:*", "matchCriteriaId": "059C1E78-7197-4A08-9E1A-138F82F949EE", "versionEndIncluding": "1.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB4E172C-4FBD-40AA-91F1-2858A74C5483", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8A4D28-0EC4-4584-9126-A47003CD06AE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "12EE56E2-D7B7-4BF6-BC1F-86B8EE77F064", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F9A3A7B-4A61-4F2C-A8F9-D428B690294E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "73C6E954-7BBE-4214-9407-86322372FCB2", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "ED639614-7AE8-4DDE-9FE3-1554FE59202C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD09E081-B714-45A1-ACBB-28D805BFD01C", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of 
an exchange." }, { "lang": "es", "value": "La funci\u00f3n SessionAdapter::ExchangeHandlerImpl::checkAlternate de broker/SessionAdapter.cpp del componente C++ Broker de Apache Qpid en versiones anteriores a la v0.6, tal como es utilizado en Red Hat Enterprise MRG en versiones anteriores a la v1.3 y otros productos, permite a usuarios autenticados remotos provocar una denegaci\u00f3n de servicio (resoluci\u00f3n de puntero NULL, ca\u00edda del demonio, y apag\u00f3n del cluster) tratando de modificar el suplente de un intercambio." } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027CWE-476: NULL Pointer Dereference\u0027", "id": "CVE-2009-5006", "lastModified": "2024-11-21T01:10:58.403", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-18T17:00:02.610", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41710" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41812" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?revision=811188\u0026view=revision" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2684" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642377" }, { "source": "secalert@redhat.com", "tags": [ 
"Patch" ], "url": "https://issues.apache.org/jira/browse/QPID-2080" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0773.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0774.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?revision=811188\u0026view=revision" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=642377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://issues.apache.org/jira/browse/QPID-2080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0773.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0774.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-17 16:59
Modified
2024-11-21 02:08
Summary
XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:0.30:*:*:*:*:*:*:*", "matchCriteriaId": "294D4BBE-3FAC-4B16-810D-81649407D30E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message." }, { "lang": "es", "value": "Vulnerabilidad de entidad externa XML (XXE) en el m\u00f3dulo XML Exchange en Apache Qpid 0.30 permite a atacantes remotos provocar conexiones HTTP salientes a trav\u00e9s de un mensaje manipulado." } ], "id": "CVE-2014-3629", "lastModified": "2024-11-21T02:08:32.323", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-17T16:59:00.137", "references": [ { "source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/129034/Apache-Qpid-0.30-Induced-HTTP-Requests.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/62235" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/533943/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/71004" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98575" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://packetstormsecurity.com/files/129034/Apache-Qpid-0.30-Induced-HTTP-Requests.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/533943/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98575" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-19" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-03-14 03:10
Modified
2024-11-21 01:42
Summary
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EFF35CD-0D3D-4B29-8E7A-9C39D7358A3A", "versionEndIncluding": "0.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "71A147B7-2E6B-4E7A-8C68-BEDFCACD57AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "760A5796-9BB5-45A3-AB0E-D3639D487A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D441FDC2-CA4E-43C5-A3DD-3715641E59A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "79CB1E30-BDD9-451E-A366-EE19C2E00AF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8690F211-CE64-4799-87C5-F2AEDB0500EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "469FC441-523B-4C78-9B2D-46B8CCE8811E", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB64A222-C258-44BF-A83D-CFE1204F8009", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "C584B299-0BB9-4B4F-B0BC-11DE222F1F17", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "D74323FF-612A-48EE-A03E-D49CAD828101", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "21261207-0DF5-460A-9F9B-F8CADB78DAF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "F5A6F2E8-325C-4071-9862-8242B730B147", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "578FB3FD-EA55-4A39-94D4-F4194C0F2BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "C67B5857-3CD8-445A-B60D-C0285BB60A07", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "2949A7DC-2955-4770-94CE-5AB9EEC3B1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B227D078-8298-4594-8F96-F2976F189B6A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request." }, { "lang": "es", "value": "La configuraci\u00f3n por defecto de Apache Qpid v0.20 y anteriores, cuando el atributo federation_tag est\u00e1 activo, acepta conexiones AMQP sin comprobar el ID del usuario que lo manda, lo que permite a atacantes remotos evitar la autenticaci\u00f3n y tener otras sin especificar a trav\u00e9s de peticiones AMQP." 
} ], "id": "CVE-2012-4446", "lastModified": "2024-11-21T01:42:54.900", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-03-14T03:10:22.530", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52516" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851355" }, { "source": "secalert@redhat.com", "url": "https://issues.apache.org/jira/browse/QPID-4631" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/jira/browse/QPID-4631" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-23 16:55
Modified
2024-11-21 01:50
Summary
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redhat | enterprise_mrg | 2.0 | |
apache | qpid | * | |
apache | qpid | 0.5 | |
apache | qpid | 0.6 | |
apache | qpid | 0.7 | |
apache | qpid | 0.8 | |
apache | qpid | 0.9 | |
apache | qpid | 0.10 | |
apache | qpid | 0.11 | |
apache | qpid | 0.12 | |
apache | qpid | 0.13 | |
apache | qpid | 0.14 | |
apache | qpid | 0.15 | |
apache | qpid | 0.16 | |
apache | qpid | 0.17 | |
apache | qpid | 0.18 | |
apache | qpid | 0.19 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EFF35CD-0D3D-4B29-8E7A-9C39D7358A3A", "versionEndIncluding": "0.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "71A147B7-2E6B-4E7A-8C68-BEDFCACD57AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "760A5796-9BB5-45A3-AB0E-D3639D487A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D441FDC2-CA4E-43C5-A3DD-3715641E59A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "79CB1E30-BDD9-451E-A366-EE19C2E00AF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8690F211-CE64-4799-87C5-F2AEDB0500EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "469FC441-523B-4C78-9B2D-46B8CCE8811E", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB64A222-C258-44BF-A83D-CFE1204F8009", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "C584B299-0BB9-4B4F-B0BC-11DE222F1F17", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "D74323FF-612A-48EE-A03E-D49CAD828101", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "21261207-0DF5-460A-9F9B-F8CADB78DAF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "F5A6F2E8-325C-4071-9862-8242B730B147", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:apache:qpid:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "578FB3FD-EA55-4A39-94D4-F4194C0F2BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "C67B5857-3CD8-445A-B60D-C0285BB60A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "2949A7DC-2955-4770-94CE-5AB9EEC3B1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B227D078-8298-4594-8F96-F2976F189B6A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." }, { "lang": "es", "value": "El cliente Python en Apache Qpid anterior a v2.2 no verifica que el nombre del servidor coincide con un nombre de dominio en el nombre com\u00fan del sujeto (CN) o el campo subjectAltName del certificado X.509, permitiendo a los atacantes de hombre-en-medio (man-in-the-middle) falsificar servidores SSL mediante un certificado v\u00e1lido de su elecci\u00f3n." 
} ], "id": "CVE-2013-1909", "lastModified": "2024-11-21T01:50:38.163", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-08-23T16:55:07.063", "references": [ { "source": "secalert@redhat.com", "url": "http://qpid.apache.org/releases/qpid-0.22/release-notes.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1024.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53968" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54137" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1460013" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://issues.apache.org/jira/browse/QPID-4918" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://qpid.apache.org/releases/qpid-0.22/release-notes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53968" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://svn.apache.org/viewvc?view=revision\u0026revision=1460013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://issues.apache.org/jira/browse/QPID-4918" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-03-14 03:10
Modified
2024-11-21 01:42
Summary
Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EFF35CD-0D3D-4B29-8E7A-9C39D7358A3A", "versionEndIncluding": "0.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "71A147B7-2E6B-4E7A-8C68-BEDFCACD57AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "760A5796-9BB5-45A3-AB0E-D3639D487A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D441FDC2-CA4E-43C5-A3DD-3715641E59A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "79CB1E30-BDD9-451E-A366-EE19C2E00AF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8690F211-CE64-4799-87C5-F2AEDB0500EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "469FC441-523B-4C78-9B2D-46B8CCE8811E", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB64A222-C258-44BF-A83D-CFE1204F8009", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "C584B299-0BB9-4B4F-B0BC-11DE222F1F17", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "D74323FF-612A-48EE-A03E-D49CAD828101", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "21261207-0DF5-460A-9F9B-F8CADB78DAF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "F5A6F2E8-325C-4071-9862-8242B730B147", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "578FB3FD-EA55-4A39-94D4-F4194C0F2BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "C67B5857-3CD8-445A-B60D-C0285BB60A07", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "2949A7DC-2955-4770-94CE-5AB9EEC3B1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B227D078-8298-4594-8F96-F2976F189B6A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read." }, { "lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n qpid::framing::Buffer::checkAvailable de Apache Qpid v0.20 y anteriores que permite a atacantes remotos causar una denegaci\u00f3n de servicios (ca\u00edda) a trav\u00e9s de un mensaje manipulado, que dispara un error de salida de rango en la lectura." } ], "id": "CVE-2012-4459", "lastModified": "2024-11-21T01:42:56.390", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-03-14T03:10:23.377", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52516" }, { "source": 
"secalert@redhat.com", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861241" }, { "source": "secalert@redhat.com", "url": "https://issues.apache.org/jira/browse/QPID-4629" }, { "source": "secalert@redhat.com", "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/jira/browse/QPID-4629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-03-14 03:10
Modified
2024-11-21 01:42
Summary
The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EFF35CD-0D3D-4B29-8E7A-9C39D7358A3A", "versionEndIncluding": "0.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "71A147B7-2E6B-4E7A-8C68-BEDFCACD57AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "760A5796-9BB5-45A3-AB0E-D3639D487A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D441FDC2-CA4E-43C5-A3DD-3715641E59A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "79CB1E30-BDD9-451E-A366-EE19C2E00AF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8690F211-CE64-4799-87C5-F2AEDB0500EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "469FC441-523B-4C78-9B2D-46B8CCE8811E", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB64A222-C258-44BF-A83D-CFE1204F8009", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "C584B299-0BB9-4B4F-B0BC-11DE222F1F17", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "D74323FF-612A-48EE-A03E-D49CAD828101", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "21261207-0DF5-460A-9F9B-F8CADB78DAF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "F5A6F2E8-325C-4071-9862-8242B730B147", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "578FB3FD-EA55-4A39-94D4-F4194C0F2BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "C67B5857-3CD8-445A-B60D-C0285BB60A07", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "2949A7DC-2955-4770-94CE-5AB9EEC3B1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B227D078-8298-4594-8F96-F2976F189B6A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message." }, { "lang": "es", "value": "El tipo decodificador AMQP de Apache Qpid v0.20 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicios (consumo de memoria y ca\u00edda del servicio) a trav\u00e9s de un n\u00famero de grande de ceros en el mapa client-properties en un mensaje connection-start-ok." } ], "id": "CVE-2012-4458", "lastModified": "2024-11-21T01:42:56.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-03-14T03:10:23.353", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52516" }, { "source": 
"secalert@redhat.com", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861234" }, { "source": "secalert@redhat.com", "url": "https://issues.apache.org/jira/browse/QPID-4629" }, { "source": "secalert@redhat.com", "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861234" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/jira/browse/QPID-4629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-02-21 15:29
Modified
2024-11-21 02:22
Summary
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.securityfocus.com/bid/72030 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://access.redhat.com/errata/RHBA-2016:1500 | Third Party Advisory | |
secalert@redhat.com | https://issues.apache.org/jira/browse/QPID-6310 | Issue Tracking, Vendor Advisory | |
secalert@redhat.com | https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/72030 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHBA-2016:1500 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://issues.apache.org/jira/browse/QPID-6310 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4645364-B558-4FE8-A229-EEAD95CF0F35", "versionEndIncluding": "0.30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach." }, { "lang": "es", "value": "El broker qpidd Apache Qpid 0.30 y anteriores permite que usuarios autenticados remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado del demonio) mediante un mensaje AMQP con (1) un rango inv\u00e1lido en un conjunto de secuencias, (2) m\u00e9todos content-bearing distintos de message-transfer o (3) un control session-gap antes del session-attach correspondiente." 
} ], "id": "CVE-2015-0203", "lastModified": "2024-11-21T02:22:31.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-21T15:29:00.367", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/72030" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2016:1500" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://issues.apache.org/jira/browse/QPID-6310" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/72030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third 
Party Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2016:1500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://issues.apache.org/jira/browse/QPID-6310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-19" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-12 21:00
Modified
2024-11-21 01:17
Summary
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | qpid | 0.5 | |
apache | qpid | 0.6 | |
redhat | enterprise_mrg | * | |
redhat | enterprise_mrg | 1.0 | |
redhat | enterprise_mrg | 1.0.1 | |
redhat | enterprise_mrg | 1.0.2 | |
redhat | enterprise_mrg | 1.0.3 | |
redhat | enterprise_mrg | 1.1.1 | |
redhat | enterprise_mrg | 1.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "71A147B7-2E6B-4E7A-8C68-BEDFCACD57AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "760A5796-9BB5-45A3-AB0E-D3639D487A76", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A675B98-74ED-46B3-AFE8-80B478D344B2", "versionEndIncluding": "1.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB4E172C-4FBD-40AA-91F1-2858A74C5483", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8A4D28-0EC4-4584-9126-A47003CD06AE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "12EE56E2-D7B7-4BF6-BC1F-86B8EE77F064", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F9A3A7B-4A61-4F2C-A8F9-D428B690294E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "73C6E954-7BBE-4214-9407-86322372FCB2", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "ED639614-7AE8-4DDE-9FE3-1554FE59202C", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake." 
}, { "lang": "es", "value": "sys/ssl/SslSocket.cpp en qpidd en Apache Qpid, como se usa en Red Hat Enterprise MRG en versiones anteriores a la 1.2.2 y otros productos, cuando SSL est\u00e1 habilitado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (parada de demonio) conectando al puerto SSL pero no participando en una negociaci\u00f3n SSL." } ], "id": "CVE-2010-3083", "lastModified": "2024-11-21T01:17:59.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-10-12T21:00:02.103", "references": [ { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/41710" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291\u0026r2=790290\u0026pathrev=790291\u0026view=patch" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/10/08/1" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=632657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/41710" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291\u0026r2=790290\u0026pathrev=790291\u0026view=patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/10/08/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=632657" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-27 23:55
Modified
2024-11-21 01:40
Summary
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6BDA092-E2F9-4350-AED6-889B586883CD", "versionEndIncluding": "0.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "71A147B7-2E6B-4E7A-8C68-BEDFCACD57AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "760A5796-9BB5-45A3-AB0E-D3639D487A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "21261207-0DF5-460A-9F9B-F8CADB78DAF7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication." }, { "lang": "es", "value": "Apache Qpid v0.14, v0.16, y anteriores utiliza un mecanismo NullAuthenticator para autenticar conexiones de puesta al d\u00eda de sombra a los corredores AMQP, lo que permite a atacantes remotos evitar la autenticaci\u00f3n." 
} ], "id": "CVE-2012-3467", "lastModified": "2024-11-21T01:40:56.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-27T23:55:02.383", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1277.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1279.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50186" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50698" }, { "source": "secalert@redhat.com", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1352992" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/08/09/6" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/54954" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=836276" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77568" }, { "source": "secalert@redhat.com", "url": "https://issues.apache.org/jira/browse/QPID-3849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1277.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1279.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" 
], "url": "http://secunia.com/advisories/50186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1352992" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/08/09/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/54954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=836276" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/jira/browse/QPID-3849" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-03-14 03:10
Modified
2024-11-21 01:42
Summary
The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EFF35CD-0D3D-4B29-8E7A-9C39D7358A3A", "versionEndIncluding": "0.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "71A147B7-2E6B-4E7A-8C68-BEDFCACD57AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "760A5796-9BB5-45A3-AB0E-D3639D487A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D441FDC2-CA4E-43C5-A3DD-3715641E59A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "79CB1E30-BDD9-451E-A366-EE19C2E00AF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8690F211-CE64-4799-87C5-F2AEDB0500EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "469FC441-523B-4C78-9B2D-46B8CCE8811E", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB64A222-C258-44BF-A83D-CFE1204F8009", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "C584B299-0BB9-4B4F-B0BC-11DE222F1F17", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "D74323FF-612A-48EE-A03E-D49CAD828101", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "21261207-0DF5-460A-9F9B-F8CADB78DAF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "F5A6F2E8-325C-4071-9862-8242B730B147", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "578FB3FD-EA55-4A39-94D4-F4194C0F2BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "C67B5857-3CD8-445A-B60D-C0285BB60A07", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "2949A7DC-2955-4770-94CE-5AB9EEC3B1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.19:*:*:*:*:*:*:*", "matchCriteriaId": "B227D078-8298-4594-8F96-F2976F189B6A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash." }, { "lang": "es", "value": "Las funciones serializing/deserializing de qpid::framing::Buffer en Apache Qpid v0.20 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (error de aserci\u00f3n y salida del demonio) a trav\u00e9s de vectores no especificados. NOTA: este problema tambi\u00e9n podr\u00eda provocar un error de salida de l\u00edmites al leer, pero no podr\u00edan dar lugar a una ca\u00edda." 
} ], "id": "CVE-2012-4460", "lastModified": "2024-11-21T01:42:56.497", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-03-14T03:10:23.407", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861242" }, { "source": "secalert@redhat.com", "url": "https://issues.apache.org/jira/browse/QPID-4629" }, { "source": "secalert@redhat.com", "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1453031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861242" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/jira/browse/QPID-4629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-30 14:29
Modified
2024-11-21 02:22
Summary
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4645364-B558-4FE8-A229-EEAD95CF0F35", "versionEndIncluding": "0.30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203." }, { "lang": "es", "value": "qpidd en Apache Qpid 0.30 y anteriores permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado del demonio) mediante un conjunto de secuencias de protocolo manipuladas. NOTA: Esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2015-0203." } ], "id": "CVE-2015-0224", "lastModified": "2024-11-21T02:22:35.357", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2017-10-30T14:29:00.597", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178606.html" }, { "source": "secalert@redhat.com", "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201501.mbox/%3C54C60497.5060504%40apache.org%3E" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/130105/Apache-Qpid-0.30-Crash.html" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0660.html" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0661.html" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0662.html" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0707.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/534545/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/72317" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1031872" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHBA-2016:1500" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2015:0708" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186302" }, { "source": 
"secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://issues.apache.org/jira/browse/QPID-6310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178606.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201501.mbox/%3C54C60497.5060504%40apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/130105/Apache-Qpid-0.30-Crash.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0660.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0661.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0662.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0707.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/534545/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/72317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1031872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHBA-2016:1500" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2015:0708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://issues.apache.org/jira/browse/QPID-6310" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-19" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-04-23 16:29
Modified
2024-11-21 04:16
Summary
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF9D1E83-264F-4FD3-91DC-7E5CC856C36D", "versionEndIncluding": "0.27.0", "versionStartIncluding": "0.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:jboss_amq_clients_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A493C8B-B5B9-4BE2-A449-24BE131FF8D3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2DFA94D5-0139-490C-8257-0751FE9FBAE4", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*", "matchCriteriaId": "EB7F358B-5E56-41AB-BB8A-23D3CB7A248B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:satellite:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "87F6E32E-6AF3-489A-AFEF-D5309E0D1779", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB283C80-F7AF-4776-8432-655E50D7D65B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:satellite:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "D5B7C3FA-0F90-47ED-835F-FBA07B3993E4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "967EC28A-607F-48F4-AD64-5E3041C768F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"1C8D871B-AEA1-4407-AEE3-47EC782250FF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. 
This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic." }, { "lang": "es", "value": "Mientras investig\u00e1bamos el error PROTON-2014, descubrimos que en algunas circunstancias las versiones de Apache Qpid Proton 0.9 a 0.27.0 (librer\u00eda de C y sus adaptaciones de lenguaje) pueden conectarse a un peer de forma an\u00f3nima utilizando TLS *incluso cuando est\u00e1 configurado para verificar el certificado del peer* mientras se utiliza con versiones de OpenSSL anteriores a la 1.1.0. Esto significa que un ataque man in the middle podr\u00eda ser construido si un atacante puede interceptar el tr\u00e1fico TLS." } ], "id": "CVE-2019-0223", "lastModified": "2024-11-21T04:16:31.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-04-23T16:29:00.467", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://www.openwall.com/lists/oss-security/2019/04/23/4" }, { "source": "security@apache.org", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/108044" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0886" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1398" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1399" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1400" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2777" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2778" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2779" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2780" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2781" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2782" }, { "source": "security@apache.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f%40%3Cusers.qpid.apache.org%3E" }, { "source": "security@apache.org", "url": 
"https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5%40%3Cdev.qpid.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b%40%3Cdev.qpid.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0%40%3Cannounce.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/108044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2777" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2779" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f%40%3Cusers.qpid.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5%40%3Cdev.qpid.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b%40%3Cdev.qpid.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0%40%3Cannounce.apache.org%3E" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-28 15:55
Modified
2024-11-21 01:38
Summary
Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "E23F92F2-F77B-468E-B63B-DD333A63375C", "versionEndIncluding": "0.17", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "760A5796-9BB5-45A3-AB0E-D3639D487A76", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D441FDC2-CA4E-43C5-A3DD-3715641E59A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "79CB1E30-BDD9-451E-A366-EE19C2E00AF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8690F211-CE64-4799-87C5-F2AEDB0500EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "469FC441-523B-4C78-9B2D-46B8CCE8811E", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "C584B299-0BB9-4B4F-B0BC-11DE222F1F17", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "21261207-0DF5-460A-9F9B-F8CADB78DAF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:qpid:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "578FB3FD-EA55-4A39-94D4-F4194C0F2BB3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections." }, { "lang": "es", "value": "Apache Qpid v0.17 y anteriores no restringe correctamente las conexiones entrantes de clientes, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de un gran n\u00famero de conexiones incompletas." 
} ], "id": "CVE-2012-2145", "lastModified": "2024-11-21T01:38:35.667", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-28T15:55:02.507", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1269.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1277.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50573" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50698" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50699" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55608" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=817175" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78730" }, { "source": "secalert@redhat.com", "url": "https://issues.apache.org/jira/browse/QPID-2616" }, { "source": "secalert@redhat.com", "url": "https://issues.apache.org/jira/browse/QPID-4021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1269.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1277.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=817175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/jira/browse/QPID-2616" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/jira/browse/QPID-4021" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }