Page 3 of 15 results (0.003 seconds)

CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication. Apache Qpid v0.14, v0.16, y anteriores utiliza un mecanismo NullAuthenticator para autenticar conexiones de puesta al día de sombra a los corredores AMQP, lo que permite a atacantes remotos evitar la autenticación. • http://rhn.redhat.com/errata/RHSA-2012-1277.html http://rhn.redhat.com/errata/RHSA-2012-1279.html http://secunia.com/advisories/50186 http://secunia.com/advisories/50698 http://svn.apache.org/viewvc?view=revision&revision=1352992 http://www.openwall.com/lists/oss-security/2012/08/09/6 http://www.securityfocus.com/bid/54954 https://bugzilla.redhat.com/show_bug.cgi?id=836276 https://exchange.xforce.ibmcloud.com/vulnerabilities/77568 https://issues.apache.org/jira/browse/ • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username. Apache Qpid v0.12 no verifica correctamente las credenciales durante la unión de un grupo, lo que permite a atacantes remotos obtener acceso a la funcionalidad de mensajería y funcionalidad de trabajo de un grupo mediante el aprovechamiento de los conocimientos, nombre de usuario. • http://secunia.com/advisories/49000 http://www.securitytracker.com/id?1026990 https://bugzilla.redhat.com/show_bug.cgi?id=747078 https://issues.apache.org/jira/browse/QPID-3652 https://reviews.apache.org/r/2988 https://access.redhat.com/security/cve/CVE-2011-3620 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 0

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data. La función Cluster::deliveredEvent de cluster/Cluster.cpp de Apache Qpid, tal como es utilizada en Red Hat Enterprise MRG en versiones anteriores a la v1.3 y otros productos, permite a atacantes remotos provocar una denegación de servicio (caída del servicio y del cluster) a través de datos AMQP inválidos. • http://secunia.com/advisories/41710 http://secunia.com/advisories/41812 http://svn.apache.org/viewvc?revision=785788&view=revision http://www.vupen.com/english/advisories/2010/2684 https://bugzilla.redhat.com/show_bug.cgi?id=642373 https://rhn.redhat.com/errata/RHSA-2010-0773.html https://rhn.redhat.com/errata/RHSA-2010-0774.html https://access.redhat.com/security/cve/CVE-2009-5005 •

CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0

The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange. La función SessionAdapter::ExchangeHandlerImpl::checkAlternate de broker/SessionAdapter.cpp del componente C++ Broker de Apache Qpid en versiones anteriores a la v0.6, tal como es utilizado en Red Hat Enterprise MRG en versiones anteriores a la v1.3 y otros productos, permite a usuarios autenticados remotos provocar una denegación de servicio (resolución de puntero NULL, caída del demonio, y apagón del cluster) tratando de modificar el suplente de un intercambio. • http://secunia.com/advisories/41710 http://secunia.com/advisories/41812 http://svn.apache.org/viewvc?revision=811188&view=revision http://www.vupen.com/english/advisories/2010/2684 https://bugzilla.redhat.com/show_bug.cgi?id=642377 https://issues.apache.org/jira/browse/QPID-2080 https://rhn.redhat.com/errata/RHSA-2010-0773.html https://rhn.redhat.com/errata/RHSA-2010-0774.html https://access.redhat.com/security/cve/CVE-2009-5006 •

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake. sys/ssl/SslSocket.cpp en qpidd en Apache Qpid, como se usa en Red Hat Enterprise MRG en versiones anteriores a la 1.2.2 y otros productos, cuando SSL está habilitado, permite a atacantes remotos provocar una denegación de servicio (parada de demonio) conectando al puerto SSL pero no participando en una negociación SSL. • http://secunia.com/advisories/41710 http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch http://www.openwall.com/lists/oss-security/2010/10/08/1 http://www.redhat.com/support/errata/RHSA-2010-0756.html http://www.redhat.com/support/errata/RHSA-2010-0757.html https://bugzilla.redhat.com/show_bug.cgi?id=632657 https://access.redhat.com/security/cve/CVE-2010-3083 •