Apache

Qpid

16 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.53%
  • Published 23.04.2019 16:29:00
  • Last modified 21.11.2024 04:16:31

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer cert...

  • EPSS 17.1%
  • Published 21.02.2018 15:29:00
  • Last modified 21.11.2024 02:22:31

The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, o...

  • EPSS 57.42%
  • Published 30.10.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.

  • EPSS 2.28%
  • Published 02.02.2015 16:59:03
  • Last modified 12.04.2025 10:46:40

Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.

  • EPSS 1.74%
  • Published 17.11.2014 16:59:00
  • Last modified 12.04.2025 10:46:40

XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.

  • EPSS 0.59%
  • Published 23.08.2013 16:55:07
  • Last modified 11.04.2025 00:51:21

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL serve...

  • EPSS 2.64%
  • Published 14.03.2013 03:10:23
  • Last modified 11.04.2025 00:51:21

The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.

  • EPSS 1.19%
  • Published 14.03.2013 03:10:23
  • Last modified 11.04.2025 00:51:21

Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.

  • EPSS 2.69%
  • Published 14.03.2013 03:10:23
  • Last modified 11.04.2025 00:51:21

The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also t...

  • EPSS 0.23%
  • Published 14.03.2013 03:10:22
  • Last modified 11.04.2025 00:51:21

The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified ...