VYPR
Medium severity5.9NVD Advisory· Published May 2, 2017· Updated Jun 17, 2026

CVE-2016-4467

CVE-2016-4467

Description

The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • Apache/Qpid Proton11 versions
    cpe:2.3:a:apache:qpid_proton:0.10.0:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:apache:qpid_proton:0.10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:qpid_proton:0.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:qpid_proton:0.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:qpid_proton:0.12.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:qpid_proton:0.12.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:qpid_proton:0.12.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:qpid_proton:0.13.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:qpid_proton:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:qpid_proton:0.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:qpid_proton:0.9.1:*:*:*:*:*:*:*
    • (no CPE)range: <0.13.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.