    4 vulnerabilities found for qpid_proton by apache

    CVE-2016-4467 (GCVE-0-2016-4467)

    Vulnerability from nvd – Published: 2017-05-02 14:00 – Updated: 2024-08-06 00:32
    Summary
    The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://www.securityfocus.com/bid/91788 | vdb-entry, x_refsource_BID
    http://www.openwall.com/lists/oss-security/2016/07/15/3 | mailing-list, x_refsource_MLIST
    http://www.securitytracker.com/id/1036316 | vdb-entry, x_refsource_SECTRACK
    https://lists.apache.org/thread.html/914424e4d798… | mailing-list, x_refsource_MLIST
    Date Public
    2016-07-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:32:25.388Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "91788",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91788"
              },
              {
                "name": "[oss-security] 20160715 [SECURITY] CVE-2016-4467: Apache Qpid Proton: Failure to verify that the server host name matches the certificate host name on Windows",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/15/3"
              },
              {
                "name": "1036316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036316"
              },
              {
                "name": "[qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-23T11:06:05.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "91788",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91788"
            },
            {
              "name": "[oss-security] 20160715 [SECURITY] CVE-2016-4467: Apache Qpid Proton: Failure to verify that the server host name matches the certificate host name on Windows",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/15/3"
            },
            {
              "name": "1036316",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036316"
            },
            {
              "name": "[qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2016-4467",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "91788",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91788"
                },
                {
                  "name": "[oss-security] 20160715 [SECURITY] CVE-2016-4467: Apache Qpid Proton: Failure to verify that the server host name matches the certificate host name on Windows",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/07/15/3"
                },
                {
                  "name": "1036316",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036316"
                },
                {
                  "name": "[qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-4467",
        "datePublished": "2017-05-02T14:00:00.000Z",
        "dateReserved": "2016-05-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:32:25.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-2166 (GCVE-0-2016-2166)

    Vulnerability from nvd – Published: 2016-04-12 14:00 – Updated: 2024-08-05 23:17
    Summary
    The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-03-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:17:50.750Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.apache.org/jira/browse/PROTON-1157"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html"
              },
              {
                "name": "FEDORA-2016-e6e8436b98",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git%3Bh=a058585"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html"
              },
              {
                "name": "20160323 CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for \u0027amqps\u0027 if SSL/TLS not supported",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/537864/100/0/threaded"
              },
              {
                "name": "[qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-23T11:06:04.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.apache.org/jira/browse/PROTON-1157"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html"
            },
            {
              "name": "FEDORA-2016-e6e8436b98",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git%3Bh=a058585"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html"
            },
            {
              "name": "20160323 CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for \u0027amqps\u0027 if SSL/TLS not supported",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/537864/100/0/threaded"
            },
            {
              "name": "[qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2016-2166",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://issues.apache.org/jira/browse/PROTON-1157",
                  "refsource": "CONFIRM",
                  "url": "https://issues.apache.org/jira/browse/PROTON-1157"
                },
                {
                  "name": "http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html"
                },
                {
                  "name": "FEDORA-2016-e6e8436b98",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html"
                },
                {
                  "name": "https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=a058585",
                  "refsource": "CONFIRM",
                  "url": "https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=a058585"
                },
                {
                  "name": "http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html",
                  "refsource": "CONFIRM",
                  "url": "http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html"
                },
                {
                  "name": "20160323 CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for \u0027amqps\u0027 if SSL/TLS not supported",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/537864/100/0/threaded"
                },
                {
                  "name": "[qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-2166",
        "datePublished": "2016-04-12T14:00:00.000Z",
        "dateReserved": "2016-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:17:50.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4467 (GCVE-0-2016-4467)

    Vulnerability from cvelistv5 – Published: 2017-05-02 14:00 – Updated: 2024-08-06 00:32
    Summary
    The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://www.securityfocus.com/bid/91788 | vdb-entry, x_refsource_BID
    http://www.openwall.com/lists/oss-security/2016/07/15/3 | mailing-list, x_refsource_MLIST
    http://www.securitytracker.com/id/1036316 | vdb-entry, x_refsource_SECTRACK
    https://lists.apache.org/thread.html/914424e4d798… | mailing-list, x_refsource_MLIST
    Date Public
    2016-07-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:32:25.388Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "91788",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91788"
              },
              {
                "name": "[oss-security] 20160715 [SECURITY] CVE-2016-4467: Apache Qpid Proton: Failure to verify that the server host name matches the certificate host name on Windows",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/15/3"
              },
              {
                "name": "1036316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036316"
              },
              {
                "name": "[qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-23T11:06:05.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "91788",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91788"
            },
            {
              "name": "[oss-security] 20160715 [SECURITY] CVE-2016-4467: Apache Qpid Proton: Failure to verify that the server host name matches the certificate host name on Windows",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/15/3"
            },
            {
              "name": "1036316",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036316"
            },
            {
              "name": "[qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2016-4467",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "91788",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91788"
                },
                {
                  "name": "[oss-security] 20160715 [SECURITY] CVE-2016-4467: Apache Qpid Proton: Failure to verify that the server host name matches the certificate host name on Windows",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/07/15/3"
                },
                {
                  "name": "1036316",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036316"
                },
                {
                  "name": "[qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-4467",
        "datePublished": "2017-05-02T14:00:00.000Z",
        "dateReserved": "2016-05-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:32:25.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-2166 (GCVE-0-2016-2166)

    Vulnerability from cvelistv5 – Published: 2016-04-12 14:00 – Updated: 2024-08-05 23:17
    Summary
    The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-03-23 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:17:50.750Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.apache.org/jira/browse/PROTON-1157"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html"
              },
              {
                "name": "FEDORA-2016-e6e8436b98",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git%3Bh=a058585"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html"
              },
              {
                "name": "20160323 CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for \u0027amqps\u0027 if SSL/TLS not supported",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/537864/100/0/threaded"
              },
              {
                "name": "[qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-23T11:06:04.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.apache.org/jira/browse/PROTON-1157"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html"
            },
            {
              "name": "FEDORA-2016-e6e8436b98",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git%3Bh=a058585"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html"
            },
            {
              "name": "20160323 CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for \u0027amqps\u0027 if SSL/TLS not supported",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/537864/100/0/threaded"
            },
            {
              "name": "[qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2016-2166",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://issues.apache.org/jira/browse/PROTON-1157",
                  "refsource": "CONFIRM",
                  "url": "https://issues.apache.org/jira/browse/PROTON-1157"
                },
                {
                  "name": "http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html"
                },
                {
                  "name": "FEDORA-2016-e6e8436b98",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html"
                },
                {
                  "name": "https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=a058585",
                  "refsource": "CONFIRM",
                  "url": "https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=a058585"
                },
                {
                  "name": "http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html",
                  "refsource": "CONFIRM",
                  "url": "http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html"
                },
                {
                  "name": "20160323 CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for \u0027amqps\u0027 if SSL/TLS not supported",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/537864/100/0/threaded"
                },
                {
                  "name": "[qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-2166",
        "datePublished": "2016-04-12T14:00:00.000Z",
        "dateReserved": "2016-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:17:50.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }