VYPR

Maven package

org.apache.qpid/qpid-broker

pkg:maven/org.apache.qpid/qpid-broker

Vulnerabilities (4)

  • CVE-2017-15702 | Critical | Dec 1, 2017
    affected >= 0.18, < 6.0.0 | fixed 6.0.0

    In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentica

  • CVE-2017-15701 | High | Dec 1, 2017
    affected >= 6.1.0, < 6.1.5 | fixed 6.1.5

    In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older

  • CVE-2016-8741 | High | May 15, 2017
    affected >= 6.0.0, < 6.0.6 | fixed 6.0.6

    The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache

  • CVE-2016-3094 | Medium | Jun 1, 2016
    affected < 6.0.3 | fixed 6.0.3

    PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.