Lucene search
PRIOn knowledge basePRION:CVE-2016-4467HistoryMay 02, 2017 - 2:59 p.m.
Design/Logic Flaw
2017-05-0214:59:00
PRIOn knowledge base
www.prio-n.com
1
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
| CPE | Name | Operator | Version |
|---|---|---|---|
| qpid_proton | eq | 0.12.0 | |
| qpid_proton | eq | 0.12.1 | |
| qpid_proton | eq | 0.13.0 | |
| qpid_proton | eq | 0.11.1 | |
| qpid_proton | eq | 0.11.0 | |
| qpid_proton | eq | 0.10.0 | |
| qpid_proton | eq | 0.9.1 | |
| qpid_proton | eq | 0.12.2 | |
| qpid_proton | eq | 0.9.0 | |
| qpid_proton | eq | 0.8.0 |
Related
cve
cve
CVE-2016-4467
2017-05-02 14:59:00
cvelist
cvelist
CVE-2016-4467
2017-05-02 14:00:00
debiancve
debiancve
CVE-2016-4467
2017-05-02 14:59:00
ubuntucve
ubuntucve
CVE-2016-4467
2017-05-02 00:00:00
nvd
nvd
CVE-2016-4467
2017-05-02 14:59:00