CVSS: 6.8 | EPSS: 0% | CPEs: 16 | EXPL: 0

12 Mar 2013 — The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request. • http://rhn.redhat.com/errata/RHSA-2013-0561.html • CWE-287: Improper Authentication

CVSS: 5.3 | EPSS: 2% | CPEs: 16 | EXPL: 0

12 Mar 2013 — The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message. • http://rhn.redhat.com/errata/RHSA-2013-0561.html • CWE-189: Numeric Errors

CVSS: 7.5 | EPSS: 1% | CPEs: 16 | EXPL: 0

12 Mar 2013 — Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read. • http://rhn.redhat.com/errata/RHSA-2013-0561.html • CWE-189: Numeric Errors

CVSS: 5.3 | EPSS: 3% | CPEs: 16 | EXPL: 0

12 Mar 2013 — The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash. • http://svn.apache.org/viewvc?view=revision&revision=1453031 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.3 | EPSS: 7% | CPEs: 9 | EXPL: 0

28 Sep 2012 — Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections. • http://rhn.redhat.com/errata/RHSA-2012-1269.html • CWE-399: Resource Management Errors

CVSS: 9.8 | EPSS: 2% | CPEs: 4 | EXPL: 0

27 Aug 2012 — Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication. • http://rhn.redhat.com/errata/RHSA-2012-1277.html • CWE-287: Improper Authentication

CVSS: 9.8 | EPSS: 3% | CPEs: 1 | EXPL: 0

03 May 2012 — Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username. • http://secunia.com/advisories/49000 • CWE-287: Improper Authentication

CVSS: 7.5 | EPSS: 1% | CPEs: 9 | EXPL: 0

18 Oct 2010 — The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data. • http://secunia.com/advisories/41710

CVSS: 6.5 | EPSS: 0% | CPEs: 9 | EXPL: 0

18 Oct 2010 — The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange. • http://secunia.com/advisories/41710

CVSS: 7.5 | EPSS: 1% | CPEs: 9 | EXPL: 0

12 Oct 2010 — sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake. • http://secunia.com/advisories/41710