CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0223 – qpid-cpp: anonymous access to qpidd cannot be prevented
https://notcve.org/view.php?id=CVE-2015-0223
26 Jan 2015 — Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling. Vulnerabilidad no especificada en Apache Qpid 0.30 y anteriores permite a atacantes remotos evadir las restricciones de acceso sobre qpidd a través de vectores desconocidos, relacionado con el manejo de conexiones 0-10. It was discovered that the Qpid daemon (qpidd) did not restrict access to anonymous users when the ANONYMOUS mech... • http://packetstormsecurity.com/files/130106/Apache-Qpid-0.30-Anonymous-Action-Prevention.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 83%CPEs: 1EXPL: 0CVE-2015-0224 – qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix)
https://notcve.org/view.php?id=CVE-2015-0224
26 Jan 2015 — qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203. qpidd en Apache Qpid 0.30 y anteriores permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado del demonio) mediante un conjunto de secuencias de protocolo manipuladas. NOTA: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-0203. A fl... • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178606.html • CWE-19: Data Processing Errors •
CVSS: 6.5EPSS: 6%CPEs: 1EXPL: 0CVE-2015-0203 – qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling
https://notcve.org/view.php?id=CVE-2015-0203
14 Jan 2015 — The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach. El broker qpidd Apache Qpid 0.30 y anteriores permite que usuarios autenticados remotos provoquen una denegación de servicio (cierre inesperado del demonio) mediante un mensaje AMQP con (1) un ra... • http://www.securityfocus.com/bid/72030 • CWE-19: Data Processing Errors •
CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0CVE-2013-1909 – python-qpid: client does not validate qpid server TLS/SSL certificate
https://notcve.org/view.php?id=CVE-2013-1909
11 Jul 2013 — The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. El cliente Python en Apache Qpid anterior a v2.2 no verifica que el nombre del servidor coincide con un nombre de dominio en el nombre común del sujeto (CN) o el campo subjectAltName del certificado X.509, permitiendo a los... • http://qpid.apache.org/releases/qpid-0.22/release-notes.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2012-4460
https://notcve.org/view.php?id=CVE-2012-4460
12 Mar 2013 — The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash. Las funciones serializing/deserializing de qpid::framing::Buffer en Apache Qpid v0.20 y anteriores permite a atacantes remotos provocar una denegación de servicio (error de aserción y salida del demo... • http://svn.apache.org/viewvc?view=revision&revision=1453031 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2012-4446 – qpid-cpp: qpid authentication bypass
https://notcve.org/view.php?id=CVE-2012-4446
12 Mar 2013 — The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request. La configuración por defecto de Apache Qpid v0.20 y anteriores, cuando el atributo federation_tag está activo, acepta conexiones AMQP sin comprobar el ID del usuario que lo manda, lo que permite a atacantes remotos evitar la autentica... • http://rhn.redhat.com/errata/RHSA-2013-0561.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 2%CPEs: 16EXPL: 0CVE-2012-4459 – qpid-cpp: crash due to qpid::framing::Buffer::checkAvailable() wraparound
https://notcve.org/view.php?id=CVE-2012-4459
12 Mar 2013 — Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read. Desbordamiento de enteros en la función qpid::framing::Buffer::checkAvailable de Apache Qpid v0.20 y anteriores que permite a atacantes remotos causar una denegación de servicios (caída) a través de un mensaje manipulado, que dispara un error de salida de rango en la lectura. • http://rhn.redhat.com/errata/RHSA-2013-0561.html • CWE-189: Numeric Errors •
CVSS: 5.3EPSS: 2%CPEs: 16EXPL: 0CVE-2012-4458 – qpid-cpp: long arrays of zero-width types cause a denial of service
https://notcve.org/view.php?id=CVE-2012-4458
12 Mar 2013 — The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message. El tipo decodificador AMQP de Apache Qpid v0.20 y anteriores permite a atacantes remotos causar una denegación de servicios (consumo de memoria y caída del servicio) a través de un número de grande de ceros en el mapa client-properties en un mensaje connection-s... • http://rhn.redhat.com/errata/RHSA-2013-0561.html • CWE-189: Numeric Errors •
CVSS: 5.3EPSS: 3%CPEs: 9EXPL: 0CVE-2012-2145 – qpid-cpp: not closing incomplete connections exhausts file descriptors, leading to DoS
https://notcve.org/view.php?id=CVE-2012-2145
28 Sep 2012 — Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections. Apache Qpid v0.17 y anteriores no restringe correctamente las conexiones entrantes de clientes, lo que permite a atacantes remotos provocar una denegación de servicio a través de un gran número de conexiones incompletas. • http://rhn.redhat.com/errata/RHSA-2012-1269.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-3467 – qpid-cpp-server-cluster: unauthorized broker access caused by the use of NullAuthenticator catch-up shadow connections
https://notcve.org/view.php?id=CVE-2012-3467
27 Aug 2012 — Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication. Apache Qpid v0.14, v0.16, y anteriores utiliza un mecanismo NullAuthenticator para autenticar conexiones de puesta al día de sombra a los corredores AMQP, lo que permite a atacantes remotos evitar la autenticación. • http://rhn.redhat.com/errata/RHSA-2012-1277.html • CWE-287: Improper Authentication •