Lucene search
HistoryMay 03, 2012 - 11:55 p.m.
CVE-2011-3620
cve-2011-3620
apache qpid
cluster
remote attackers
credential verification
messaging functionality
job functionality
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.0%
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
Affected configurations
Node
apacheqpidMatch0.12
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache:qpid | apache qpid | eq | 0.12 |
Related
nessus
nessus
RHEL 6 : Red Hat Enterprise MRG Messaging 2.1 (RHSA-2012:0528)
2014-07-22 00:00:00
RHEL 5 : MRG (RHSA-2012:0529)
2014-07-22 00:00:00
ubuntucve
ubuntucve
CVE-2011-3620
2012-05-03 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 08:50:58
redhat
redhat
seebug
seebug
Apache Qpid非法访问安全限制绕过漏洞
2012-05-03 00:00:00
prion
prion
Design/Logic Flaw
2012-05-03 23:55:00
cvelist
cvelist
CVE-2011-3620
2012-05-03 23:00:00
nvd
nvd
CVE-2011-3620
2012-05-03 23:55:01
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.0%
Related for CVE-2011-3620