CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17187
https://notcve.org/view.php?id=CVE-2018-17187
13 Nov 2018 — The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versio... • http://www.securityfocus.com/bid/105935 • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0CVE-2016-4467
https://notcve.org/view.php?id=CVE-2016-4467
02 May 2017 — The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. El cliente en C y basado en C, en la librería Apache Qpid Proton anterior a la versión 0.13.1 en Windows no verifica co... • http://www.openwall.com/lists/oss-security/2016/07/15/3 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2166 – Apache Qpid Proton 0.12.0 SSL Failure
https://notcve.org/view.php?id=CVE-2016-2166
23 Mar 2016 — The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. Las clases (1) proton.reactor.Connector, (2) proton.reactor.Container y (3) proton.utils.BlockingConnection en Apache Qpid Proton en versiones anter... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •