7.4

CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheQpid Version >= 0.9 <= 0.27.0
RedhatJboss Amq Clients 2 Version-
   RedhatLinux Version6.0
   RedhatLinux Version7.0
RedhatOpenstack Version13
RedhatOpenstack Version14
RedhatSatellite Version6.3
RedhatSatellite Version6.4
RedhatSatellite Version6.5
RedhatEnterprise Linux Eus Version6.7
RedhatEnterprise Linux Eus Version7.2
RedhatEnterprise Linux Eus Version7.3
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
RedhatEnterprise Linux Eus Version7.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.2% 0.927
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.4 2.2 5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E
http://www.openwall.com/lists/oss-security/2019/04/23/4
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/108044
Broken Link
https://access.redhat.com/errata/RHSA-2019:0886
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1398
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1399
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1400
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2777
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2778
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2779
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2780
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2781
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2782
Third Party Advisory
https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
Vendor Advisory
Issue Tracking
https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f%40%3Cusers.qpid.apache.org%3E
https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5%40%3Cdev.qpid.apache.org%3E
https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b%40%3Cdev.qpid.apache.org%3E
https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0%40%3Cannounce.apache.org%3E