VYPR

Qpid Proton

by Apache

CVEs (4)

  • CVE-2019-0223HigApr 23, 2019
    risk 0.49cvss 7.4epss 0.06

    While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with…

  • CVE-2018-17187HigNov 13, 2018
    risk 0.41cvss 7.4epss 0.03

    The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer…

  • CVE-2016-4467MedMay 2, 2017
    risk 0.38cvss 5.9epss 0.02

    The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the…

  • CVE-2016-2166MedApr 12, 2016
    risk 0.36cvss 6.5epss 0.04

    The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow…