CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2012-3467 – qpid-cpp-server-cluster: unauthorized broker access caused by the use of NullAuthenticator catch-up shadow connections
https://notcve.org/view.php?id=CVE-2012-3467
27 Aug 2012 — Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication. Apache Qpid v0.14, v0.16, y anteriores utiliza un mecanismo NullAuthenticator para autenticar conexiones de puesta al día de sombra a los corredores AMQP, lo que permite a atacantes remotos evitar la autenticación. • http://rhn.redhat.com/errata/RHSA-2012-1277.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2011-3620 – qpid-cpp: cluster authentication ignores cluster-* settings
https://notcve.org/view.php?id=CVE-2011-3620
03 May 2012 — Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username. Apache Qpid v0.12 no verifica correctamente las credenciales durante la unión de un grupo, lo que permite a atacantes remotos obtener acceso a la funcionalidad de mensajería y funcionalidad de trabajo de un grupo mediante el aprovechamiento de los conocimientos, no... • http://secunia.com/advisories/49000 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2009-5005 – qpid: crash on receipt of invalid AMQP data
https://notcve.org/view.php?id=CVE-2009-5005
18 Oct 2010 — The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data. La función Cluster::deliveredEvent de cluster/Cluster.cpp de Apache Qpid, tal como es utilizada en Red Hat Enterprise MRG en versiones anteriores a la v1.3 y otros productos, permite a atacantes remotos provocar una denegación de servicio (caída del servicio y ... • http://secunia.com/advisories/41710 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2009-5006 – qpid: crash when redeclaring the exchange with specified alternate_exchange
https://notcve.org/view.php?id=CVE-2009-5006
18 Oct 2010 — The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange. La función SessionAdapter::ExchangeHandlerImpl::checkAlternate de broker/SessionAdapter.cpp del componente C++ Broker de... • http://secunia.com/advisories/41710 •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2010-3083 – MRG: SSL connections to MRG broker can be blocked
https://notcve.org/view.php?id=CVE-2010-3083
12 Oct 2010 — sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake. sys/ssl/SslSocket.cpp en qpidd en Apache Qpid, como se usa en Red Hat Enterprise MRG en versiones anteriores a la 1.2.2 y otros productos, cuando SSL está habilitado, permite a atacantes remotos provocar una denegación de servicio (par... • http://secunia.com/advisories/41710 •