Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2016-4432
HistoryMay 30, 2016 - 10:48 a.m.

CVE-2016-4432

2016-05-3010:48:50
redhat.com
access.redhat.com
4

0.002 Low

EPSS

Percentile

61.0%

JSON

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.

Mitigation

If upgrading is not possible, the vulnerability can be mitigated using
an ACL file containing "ACCESS VIRTUALHOST" clauses that white-lists
user access to all virtualhosts.

If AMQP 0-8, 0-9, 0-91, and 0-10 support is not required, the
vulnerability can also be mitigated by turning off these protocols at
the Port level.

Related

ubuntucve 1
cvelist 1
github 1
cve 1
osv 1
nvd 1
prion 1
f5 2
ubuntucve
ubuntucve
CVE-2016-4432
2016-06-01 00:00:00
cvelist
cvelist
CVE-2016-4432
2016-06-01 20:00:00
github
github
AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication
2018-10-16 19:49:48
cve
cve
CVE-2016-4432
2016-06-01 20:59:07
osv
osv
AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication
2018-10-16 19:49:48
nvd
nvd
CVE-2016-4432
2016-06-01 20:59:07
prion
prion
Authentication flaw
2016-06-01 20:59:00
f5
f5
SOL23675185 - Apache Qpid vulnerabilities CVE-2016-3094 and CVE-2016-4432
2016-06-16 00:00:00
K23675185 : Apache Qpid vulnerabilities CVE-2016-3094 and CVE-2016-4432
2016-06-16 00:00:00

0.002 Low

EPSS

Percentile

61.0%

JSON
Related for RH:CVE-2016-4432
ubuntucve1cvelist1github1cve1osv1nvd1prion1f52