CVSS: 6.8 | EPSS: 0% | CPEs: 16 | EXPL: 0

The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.

It was found that the Apache Qpid daemon (qpidd) treated AMQP connections with the federation_tag attribute set as a broker-to-broker connection, rather than a client-to-server connection. This resulted in the source user ID of messages not being checked. A client that can establish an AMQP connection with the broker could use this flaw to bypass intended authentication.

References:
• http://rhn.redhat.com/errata/RHSA-2013-0561.html
• http://rhn.redhat.com/errata/RHSA-2013-0562.html
• http://secunia.com/advisories/52516
• https://bugzilla.redhat.com/show_bug.cgi?id=851355
• https://issues.apache.org/jira/browse/QPID-4631
• https://access.redhat.com/security/cve/CVE-2012-4446

CWE-287: Improper Authentication

CVSS: 5.0 | EPSS: 1% | CPEs: 16 | EXPL: 0

The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.

References:
• http://rhn.redhat.com/errata/RHSA-2013-0561.html
• http://rhn.redhat.com/errata/RHSA-2013-0562.html
• http://secunia.com/advisories/52516
• http://svn.apache.org/viewvc?view=revision&revision=1453031
• https://bugzilla.redhat.com/show_bug.cgi?id=861234
• https://issues.apache.org/jira/browse/QPID-4629
• https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID
• https://access.redhat.com/security/cve/CVE-2012-4458

CWE-189: Numeric Errors

CVSS: 5.0 | EPSS: 1% | CPEs: 16 | EXPL: 0

Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.

References:
• http://rhn.redhat.com/errata/RHSA-2013-0561.html
• http://rhn.redhat.com/errata/RHSA-2013-0562.html
• http://secunia.com/advisories/52516
• http://svn.apache.org/viewvc?view=revision&revision=1453031
• https://bugzilla.redhat.com/show_bug.cgi?id=861241
• https://issues.apache.org/jira/browse/QPID-4629
• https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%20%220.21%22%20AND%20project%20%3D%20QPID
• https://access.redhat.com/security/cve/CVE-2012-4459

CWE-189: Numeric Errors

CVSS: 5.0 | EPSS: 1% | CPEs: 9 | EXPL: 0

Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.

References:
• http://rhn.redhat.com/errata/RHSA-2012-1269.html
• http://rhn.redhat.com/errata/RHSA-2012-1277.html
• http://secunia.com/advisories/50573
• http://secunia.com/advisories/50698
• http://secunia.com/advisories/50699
• http://www.securityfocus.com/bid/55608
• https://bugzilla.redhat.com/show_bug.cgi?id=817175
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78730
• https://issues.apache.org/jira/browse/QPID-2616
• https://issues.apache.org/jira/browse/QPID-4021
• https://access.redhat.

CWE-399: Resource Management Errors

CVSS: 6.4 | EPSS: 0% | CPEs: 4 | EXPL: 0

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.

References:
• http://rhn.redhat.com/errata/RHSA-2012-1277.html
• http://rhn.redhat.com/errata/RHSA-2012-1279.html
• http://secunia.com/advisories/50186
• http://secunia.com/advisories/50698
• http://svn.apache.org/viewvc?view=revision&revision=1352992
• http://www.openwall.com/lists/oss-security/2012/08/09/6
• http://www.securityfocus.com/bid/54954
• https://bugzilla.redhat.com/show_bug.cgi?id=836276
• https://exchange.xforce.ibmcloud.com/vulnerabilities/77568
• https://issues.apache.org/jira/browse/

CWE-287: Improper Authentication