Описание
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | mingw32-qpid-cpp | Not affected | ||
| Red Hat Enterprise Linux 6 | qpid-cpp | Not affected | ||
| MRG for RHEL-5 v. 2 | mrg-release | Fixed | RHSA-2012:1277 | 19.09.2012 |
| MRG for RHEL-5 v. 2 | python-qpid | Fixed | RHSA-2012:1277 | 19.09.2012 |
| MRG for RHEL-5 v. 2 | qpid-cpp-mrg | Fixed | RHSA-2012:1277 | 19.09.2012 |
| MRG for RHEL-5 v. 2 | qpid-java | Fixed | RHSA-2012:1277 | 19.09.2012 |
| MRG for RHEL-5 v. 2 | qpid-jca | Fixed | RHSA-2012:1277 | 19.09.2012 |
| MRG for RHEL-5 v. 2 | qpid-qmf | Fixed | RHSA-2012:1277 | 19.09.2012 |
| MRG for RHEL-5 v. 2 | qpid-tools | Fixed | RHSA-2012:1277 | 19.09.2012 |
| Red Hat Enterprise MRG 2 | mrg-release | Fixed | RHSA-2012:1279 | 19.09.2012 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.4 Medium
CVSS2
Связанные уязвимости
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism ...
Уязвимость системы обмена программными сообщениями Apache Qpid, позволяющая злоумышленнику получить права доступа легального пользователя
EPSS
6.4 Medium
CVSS2