CVE-2015-0223 – qpid-cpp: anonymous access to qpidd cannot be prevented
https://notcve.org/view.php?id=CVE-2015-0223
Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling. Vulnerabilidad no especificada en Apache Qpid 0.30 y anteriores permite a atacantes remotos evadir las restricciones de acceso sobre qpidd a través de vectores desconocidos, relacionado con el manejo de conexiones 0-10. It was discovered that the Qpid daemon (qpidd) did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed. • http://packetstormsecurity.com/files/130106/Apache-Qpid-0.30-Anonymous-Action-Prevention.html http://seclists.org/bugtraq/2015/Jan/122 http://www.securityfocus.com/bid/72319 https://access.redhat.com/errata/RHBA-2016:1500 https://access.redhat.com/security/cve/CVE-2015-0223 https://bugzilla.redhat.com/show_bug.cgi?id=1186308 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-0224 – qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix)
https://notcve.org/view.php?id=CVE-2015-0224
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203. qpidd en Apache Qpid 0.30 y anteriores permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado del demonio) mediante un conjunto de secuencias de protocolo manipuladas. NOTA: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-0203. A flaw was found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set that could use this flaw to crash qpidd. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178606.html http://mail-archives.apache.org/mod_mbox/www-announce/201501.mbox/%3C54C60497.5060504%40apache.org%3E http://packetstormsecurity.com/files/130105/Apache-Qpid-0.30-Crash.html http://rhn.redhat.com/errata/RHSA-2015-0660.html http://rhn.redhat.com/errata/RHSA-2015-0661.html http://rhn.redhat.com/errata/RHSA-2015-0662.html http://rhn.redhat.com/errata/RHSA-2015-0707.html http://www.securityfocus.com/arch • CWE-19: Data Processing Errors •
CVE-2015-0203 – qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling
https://notcve.org/view.php?id=CVE-2015-0203
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach. El broker qpidd Apache Qpid 0.30 y anteriores permite que usuarios autenticados remotos provoquen una denegación de servicio (cierre inesperado del demonio) mediante un mensaje AMQP con (1) un rango inválido en un conjunto de secuencias, (2) métodos content-bearing distintos de message-transfer o (3) un control session-gap antes del session-attach correspondiente. A flaw was found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd. • http://www.securityfocus.com/bid/72030 https://access.redhat.com/errata/RHBA-2016:1500 https://issues.apache.org/jira/browse/QPID-6310 https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html https://access.redhat.com/security/cve/CVE-2015-0203 https://bugzilla.redhat.com/show_bug.cgi?id=1181721 • CWE-19: Data Processing Errors •
CVE-2013-1909 – python-qpid: client does not validate qpid server TLS/SSL certificate
https://notcve.org/view.php?id=CVE-2013-1909
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. El cliente Python en Apache Qpid anterior a v2.2 no verifica que el nombre del servidor coincide con un nombre de dominio en el nombre común del sujeto (CN) o el campo subjectAltName del certificado X.509, permitiendo a los atacantes de hombre-en-medio (man-in-the-middle) falsificar servidores SSL mediante un certificado válido de su elección. • http://qpid.apache.org/releases/qpid-0.22/release-notes.html http://rhn.redhat.com/errata/RHSA-2013-1024.html http://secunia.com/advisories/53968 http://secunia.com/advisories/54137 http://svn.apache.org/viewvc?view=revision&revision=1460013 https://issues.apache.org/jira/browse/QPID-4918 https://access.redhat.com/security/cve/CVE-2013-1909 https://bugzilla.redhat.com/show_bug.cgi?id=928530 • CWE-20: Improper Input Validation •
CVE-2012-4460
https://notcve.org/view.php?id=CVE-2012-4460
The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash. Las funciones serializing/deserializing de qpid::framing::Buffer en Apache Qpid v0.20 y anteriores permite a atacantes remotos provocar una denegación de servicio (error de aserción y salida del demonio) a través de vectores no especificados. NOTA: este problema también podría provocar un error de salida de límites al leer, pero no podrían dar lugar a una caída. • http://svn.apache.org/viewvc?view=revision&revision=1453031 https://bugzilla.redhat.com/show_bug.cgi?id=861242 https://issues.apache.org/jira/browse/QPID-4629 https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •