VYPR

Qpid Broker J

by Apache

Source repositories

CVEs (9)

  • CVE-2017-15702CriDec 1, 2017
    risk 0.64cvss 9.8epss 0.06

    In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an…

  • CVE-2016-4432CriJun 1, 2016
    risk 0.53cvss 9.1epss 0.08

    The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.

  • CVE-2016-8741HigMay 15, 2017
    risk 0.49cvss 7.5epss 0.06

    The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in…

  • CVE-2018-8030HigJun 20, 2018
    risk 0.42cvss 7.5epss 0.04

    A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP…

  • CVE-2017-15701HigDec 1, 2017
    risk 0.42cvss 7.5epss 0.04

    In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older…

  • CVE-2018-1298MedFeb 9, 2018
    risk 0.39cvss 5.9epss 0.02

    A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the…

  • CVE-2016-3094MedJun 1, 2016
    risk 0.32cvss 5.9epss 0.08

    PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.

  • CVE-2019-0200Mar 6, 2019
    risk 0.00cvss epss 0.04

    A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91…

  • CVE-2009-5006Oct 18, 2010
    risk 0.00cvss epss 0.04

    The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service…