
CVE-2015-0223 – qpid-cpp: anonymous access to qpidd cannot be prevented
https://notcve.org/view.php?id=CVE-2015-0223
26 Jan 2015 — Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling. It was discovered that the Qpid daemon (qpidd) did not restrict access to anonymous users when the ANONYMOUS mech... • http://packetstormsecurity.com/files/130106/Apache-Qpid-0.30-Anonymous-Action-Prevention.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-0224 – qpid-cpp: AMQP 0-10 protocol sequence-set maximal range DoS (incomplete CVE-2015-0203 fix)
https://notcve.org/view.php?id=CVE-2015-0224
26 Jan 2015 — qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203. A fl... • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178606.html • CWE-19: Data Processing Errors

CVE-2015-0203 – qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling
https://notcve.org/view.php?id=CVE-2015-0203
14 Jan 2015 — The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach. • http://www.securityfocus.com/bid/72030 • CWE-19: Data Processing Errors

CVE-2014-3629 – Apache Qpid 0.30 Induced HTTP Requests
https://notcve.org/view.php?id=CVE-2014-3629
08 Nov 2014 — XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. Apache Qpid's qpidd versions 0.30 and below can be induced to make HTTP requests. • http://packetstormsecurity.com/files/129034/Apache-Qpid-0.30-Induced-HTTP-Requests.html • CWE-19: Data Processing Errors