Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-2166

Опубликовано: 09 мар. 2016
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

Отчет

This issue affects the versions of qpid-proton as shipped with Red Hat Satellite version 6. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)qpid-protonNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)qpid-protonNot affected
Red Hat Enterprise MRG 3qpid-protonNot affected
Red Hat OpenStack Platform 8 (Liberty)qpid-protonNot affected
Red Hat Satellite 6python-qpid-protonNot affected
Red Hat Satellite 6.3 for RHEL 7createrepo_cFixedRHBA-2018:033721.02.2018
Red Hat Satellite 6.3 for RHEL 7facterFixedRHBA-2018:033721.02.2018
Red Hat Satellite 6.3 for RHEL 7goferFixedRHBA-2018:033721.02.2018
Red Hat Satellite 6.3 for RHEL 7hieraFixedRHBA-2018:033721.02.2018
Red Hat Satellite 6.3 for RHEL 7koboFixedRHBA-2018:033721.02.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-223
https://bugzilla.redhat.com/show_bug.cgi?id=1320842qpid-proton: reactor sends messages in clear if ssl is requested but not available

EPSS

Процентиль: 50%
0.00271
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-2166

CVSS3: 6.5
ubuntu
почти 10 лет назад

The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

nvd логотип

CVE-2016-2166

CVSS3: 6.5
nvd
почти 10 лет назад

The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

debian логотип

CVE-2016-2166

CVSS3: 6.5
debian
почти 10 лет назад

The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3 ...

github логотип

GHSA-f5cf-f7px-xpmh

CVSS3: 6.5
github
больше 7 лет назад

Moderate severity vulnerability that affects org.apache.qpid:proton-j

EPSS

Процентиль: 50%
0.00271
Низкий

4.3 Medium

CVSS2