CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2019-0200
https://notcve.org/view.php?id=CVE-2019-0200
06 Mar 2019 — A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 utilizing AMQP protocols 0-8, 0-9, 0-91, 0-10 must upgrade to Qpid Broker-J versions 7.0.7 or 7.1.1 or later. Se ha detectado una vulnerabilidad de d... • http://www.securityfocus.com/bid/107215 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-8741 – Apache Qpid Broker for Java 6.1.0 Information Leak
https://notcve.org/view.php?id=CVE-2016-8741
28 Dec 2016 — The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. The... • http://qpid.2158936.n2.nabble.com/CVE-2016-8741-Apache-Qpid-Broker-for-Java-Information-Leakage-td7657025.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •