CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.

It was discovered that the Qpid daemon (qpidd) did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.

• http://packetstormsecurity.com/files/130106/Apache-Qpid-0.30-Anonymous-Action-Prevention.html
• http://seclists.org/bugtraq/2015/Jan/122
• http://www.securityfocus.com/bid/72319
• https://access.redhat.com/errata/RHBA-2016:1500
• https://access.redhat.com/security/cve/CVE-2015-0223
• https://bugzilla.redhat.com/show_bug.cgi?id=1186308
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 94% • CPEs: 1 • EXPL: 0

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.

A flaw was found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd.

• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178606.html
• http://mail-archives.apache.org/mod_mbox/www-announce/201501.mbox/%3C54C60497.5060504%40apache.org%3E
• http://packetstormsecurity.com/files/130105/Apache-Qpid-0.30-Crash.html
• http://rhn.redhat.com/errata/RHSA-2015-0660.html
• http://rhn.redhat.com/errata/RHSA-2015-0661.html
• http://rhn.redhat.com/errata/RHSA-2015-0662.html
• http://rhn.redhat.com/errata/RHSA-2015-0707.html
• http://www.securityfocus.com/arch
• CWE-19: Data Processing Errors

CVSS: 6.5 • EPSS: 36% • CPEs: 1 • EXPL: 0

The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.

A flaw was found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd.

• http://www.securityfocus.com/bid/72030
• https://access.redhat.com/errata/RHBA-2016:1500
• https://issues.apache.org/jira/browse/QPID-6310
• https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html
• https://access.redhat.com/security/cve/CVE-2015-0203
• https://bugzilla.redhat.com/show_bug.cgi?id=1181721
• CWE-19: Data Processing Errors

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.

• http://packetstormsecurity.com/files/129034/Apache-Qpid-0.30-Induced-HTTP-Requests.html
• http://secunia.com/advisories/62235
• http://www.securityfocus.com/archive/1/533943/100/0/threaded
• http://www.securityfocus.com/bid/71004
• https://exchange.xforce.ibmcloud.com/vulnerabilities/98575
• CWE-19: Data Processing Errors

CVSS: 5.8 • EPSS: 0% • CPEs: 17 • EXPL: 0

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

• http://qpid.apache.org/releases/qpid-0.22/release-notes.html
• http://rhn.redhat.com/errata/RHSA-2013-1024.html
• http://secunia.com/advisories/53968
• http://secunia.com/advisories/54137
• http://svn.apache.org/viewvc?view=revision&revision=1460013
• https://issues.apache.org/jira/browse/QPID-4918
• https://access.redhat.com/security/cve/CVE-2013-1909
• https://bugzilla.redhat.com/show_bug.cgi?id=928530
• CWE-20: Improper Input Validation