5

CVE-2012-3467

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheQpid Version <= 0.16
ApacheQpid Version0.5
ApacheQpid Version0.6
ApacheQpid Version0.14
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.39% 0.928
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://rhn.redhat.com/errata/RHSA-2012-1277.html
http://rhn.redhat.com/errata/RHSA-2012-1279.html
http://secunia.com/advisories/50186
Vendor Advisory
http://secunia.com/advisories/50698
http://svn.apache.org/viewvc?view=revision&revision=1352992
http://www.openwall.com/lists/oss-security/2012/08/09/6
http://www.securityfocus.com/bid/54954
https://bugzilla.redhat.com/show_bug.cgi?id=836276
https://exchange.xforce.ibmcloud.com/vulnerabilities/77568
https://issues.apache.org/jira/browse/QPID-3849