Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Message Queuing Security Vulnerabilities

cve
cve

CVE-2023-34050

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes...

5CVSS

4.8AI Score

0.0004EPSS

2023-10-19 08:15 AM
53
cve
cve

CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large...

6.5CVSS

6.3AI Score

0.001EPSS

2021-11-30 07:15 PM
27
cve
cve

CVE-2021-22097

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%....

6.5CVSS

6.4AI Score

0.001EPSS

2021-10-28 04:15 PM
45
cve
cve

CVE-2018-11087

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in...

5.9CVSS

5.3AI Score

0.001EPSS

2018-09-14 08:29 PM
60
cve
cve

CVE-2017-8045

In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution...

9.8CVSS

9.6AI Score

0.055EPSS

2017-11-27 10:29 AM
42
cve
cve

CVE-2016-2173

org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary...

9.8CVSS

9.5AI Score

0.02EPSS

2017-04-21 08:59 PM
45
cve
cve

CVE-2007-3039

Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely...

7.5AI Score

0.972EPSS

2007-12-12 12:46 AM
32
cve
cve

CVE-2005-2667

Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port...

6.5AI Score

0.014EPSS

2005-08-23 04:00 AM
28
3