Lucene search

[email protected]CVE-2012-4446

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-4446

2022-10-0316:15:34

CWE-287

[email protected]

web.nvd.nist.gov

cve-2012-4446

apache qpid

amqp

authentication bypass

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

JSON

The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.

Affected configurations

NVD

Node

apacheqpidRange≤0.20

apacheqpidMatch0.5

apacheqpidMatch0.6

apacheqpidMatch0.7

apacheqpidMatch0.8

apacheqpidMatch0.9

apacheqpidMatch0.10

apacheqpidMatch0.11

apacheqpidMatch0.12

apacheqpidMatch0.13

apacheqpidMatch0.14

apacheqpidMatch0.15

apacheqpidMatch0.16

apacheqpidMatch0.17

apacheqpidMatch0.18

apacheqpidMatch0.19

CPENameOperatorVersion
apache:qpidapache qpidle0.20
apache:qpidapache qpideq0.5
apache:qpidapache qpideq0.6
apache:qpidapache qpideq0.7
apache:qpidapache qpideq0.8
apache:qpidapache qpideq0.9
apache:qpidapache qpideq0.10
apache:qpidapache qpideq0.11
apache:qpidapache qpideq0.12
apache:qpidapache qpideq0.13

CPE	Name	Operator	Version
apache:qpid	apache qpid	le	0.20
apache:qpid	apache qpid	eq	0.5
apache:qpid	apache qpid	eq	0.6
apache:qpid	apache qpid	eq	0.7
apache:qpid	apache qpid	eq	0.8
apache:qpid	apache qpid	eq	0.9
apache:qpid	apache qpid	eq	0.10
apache:qpid	apache qpid	eq	0.11
apache:qpid	apache qpid	eq	0.12
apache:qpid	apache qpid	eq	0.13