Lucene search
F5F5:K23675185HistoryJun 16, 2016 - 12:00 a.m.
K23675185 : Apache Qpid vulnerabilities CVE-2016-3094 and CVE-2016-4432
2016-06-1600:00:00
my.f5.com
15
Security Advisory Description
PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.
The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.
Impact
There is no impact; F5 products are not affected by this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.4.0 | |
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.5.4 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 11.6.1 | |
| big-ip afm | eq | 12.0.0 |
Related
f5
f5
SOL23675185 - Apache Qpid vulnerabilities CVE-2016-3094 and CVE-2016-4432
2016-06-16 00:00:00
redhatcve
redhatcve
CVE-2016-4432
2016-05-30 10:48:50
CVE-2016-3094
2016-05-30 06:48:49
ubuntucve
ubuntucve
CVE-2016-4432
2016-06-01 00:00:00
CVE-2016-3094
2016-06-01 00:00:00
cvelist
cvelist
CVE-2016-4432
2016-06-01 20:00:00
CVE-2016-3094
2016-06-01 20:00:00
github
github
cve
cve
CVE-2016-4432
2016-06-01 20:59:07
CVE-2016-3094
2016-06-01 20:59:05
osv
osv
nvd
nvd
CVE-2016-4432
2016-06-01 20:59:07
CVE-2016-3094
2016-06-01 20:59:05
prion
prion
Authentication flaw
2016-06-01 20:59:00
Code injection
2016-06-01 20:59:00