
CVSS: 7.4 | EPSS: 0% | CPEs: 33 | EXPL: 0

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.

A cryptographic weakness was discovered in qpid-proton's use of TLS.

• http://www.openwall.com/lists/oss-security/2019/04/23/4
• http://www.securityfocus.com/bid/108044
• https://access.redhat.com/errata/RHSA-2019:0886
• https://access.redhat.com/errata/RHSA-2019:1398
• https://access.redhat.com/errata/RHSA-2019:1399
• https://access.redhat.com/errata/RHSA-2019:1400
• https://access.redhat.com/errata/RHSA-2019:2777
• https://access.redhat.com/errata/RHSA-2019:2778
• https://access.redhat.com/errata/RHSA-2019:2779
• https://access.redhat.com/errata/

CWE-300: Channel Accessible by Non-Endpoint

CVSS: 5.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.

It was discovered that the Qpid daemon (qpidd) did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.

• http://packetstormsecurity.com/files/130106/Apache-Qpid-0.30-Anonymous-Action-Prevention.html
• http://seclists.org/bugtraq/2015/Jan/122
• http://www.securityfocus.com/bid/72319
• https://access.redhat.com/errata/RHBA-2016:1500
• https://access.redhat.com/security/cve/CVE-2015-0223
• https://bugzilla.redhat.com/show_bug.cgi?id=1186308

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 | EPSS: 94% | CPEs: 1 | EXPL: 0

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.

A flaw was found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd.

• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178606.html
• http://mail-archives.apache.org/mod_mbox/www-announce/201501.mbox/%3C54C60497.5060504%40apache.org%3E
• http://packetstormsecurity.com/files/130105/Apache-Qpid-0.30-Crash.html
• http://rhn.redhat.com/errata/RHSA-2015-0660.html
• http://rhn.redhat.com/errata/RHSA-2015-0661.html
• http://rhn.redhat.com/errata/RHSA-2015-0662.html
• http://rhn.redhat.com/errata/RHSA-2015-0707.html
• http://www.securityfocus.com/arch

CWE-19: Data Processing Errors

CVSS: 6.5 | EPSS: 36% | CPEs: 1 | EXPL: 0

The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.

A flaw was found in the way the Qpid daemon (qpidd) processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd.

• http://www.securityfocus.com/bid/72030
• https://access.redhat.com/errata/RHBA-2016:1500
• https://issues.apache.org/jira/browse/QPID-6310
• https://packetstormsecurity.com/files/129941/Apache-Qpid-0.30-Denial-Of-Service.html
• https://access.redhat.com/security/cve/CVE-2015-0203
• https://bugzilla.redhat.com/show_bug.cgi?id=1181721

CWE-19: Data Processing Errors

CVSS: 5.8 | EPSS: 0% | CPEs: 17 | EXPL: 0

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

• http://qpid.apache.org/releases/qpid-0.22/release-notes.html
• http://rhn.redhat.com/errata/RHSA-2013-1024.html
• http://secunia.com/advisories/53968
• http://secunia.com/advisories/54137
• http://svn.apache.org/viewvc?view=revision&revision=1460013
• https://issues.apache.org/jira/browse/QPID-4918
• https://access.redhat.com/security/cve/CVE-2013-1909
• https://bugzilla.redhat.com/show_bug.cgi?id=928530

CWE-20: Improper Input Validation