The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.
References
Link | Resource |
---|---|
http://mail-archives.apache.org/mod_mbox/qpid-users/201605.mbox/%3CCAFEMS4tXDKYxKVMmU0zTb_7uzduoUS4_RePnUwz1tj%2BGQLNw5Q%40mail.gmail.com%3E | Vendor Advisory |
http://packetstormsecurity.com/files/137216/Apache-Qpid-Java-Broker-6.0.2-Authentication-Bypass.html | Third Party Advisory VDB Entry |
http://www.securityfocus.com/archive/1/538508/100/0/threaded | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1035983 | Broken Link Third Party Advisory VDB Entry |
https://issues.apache.org/jira/browse/QPID-7257 | Issue Tracking Vendor Advisory |
https://svn.apache.org/viewvc?view=revision&revision=1743161 | Patch Vendor Advisory |
https://svn.apache.org/viewvc?view=revision&revision=1743393 | Patch Vendor Advisory |
Configurations
History
07 Dec 2022, 16:39
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apache qpid Broker-j
|
|
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/538508/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://svn.apache.org/viewvc?view=revision&revision=1743161 - Patch, Vendor Advisory | |
References | (CONFIRM) https://svn.apache.org/viewvc?view=revision&revision=1743393 - Patch, Vendor Advisory | |
References | (CONFIRM) https://issues.apache.org/jira/browse/QPID-7257 - Issue Tracking, Vendor Advisory | |
References | (MISC) http://packetstormsecurity.com/files/137216/Apache-Qpid-Java-Broker-6.0.2-Authentication-Bypass.html - Third Party Advisory, VDB Entry | |
References | (SECTRACK) http://www.securitytracker.com/id/1035983 - Broken Link, Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:apache:qpid_broker-j:*:*:*:*:*:*:*:* |
Information
Published : 2016-06-01 20:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-4432
Mitre link : CVE-2016-4432
CVE.ORG link : CVE-2016-4432
JSON object : View
Products Affected
apache
- qpid_broker-j
CWE
CWE-287
Improper Authentication