qpid-cpp is vulnerable to authorization bypass attacks. The vulnerability exists as qpid-cpp does not properly verify credentials during the joining of a cluster. This allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by using a valid cluster-username.
docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html-single/Technical_Notes/index.html#RHSA-2012-0528
secunia.com/advisories/49000
www.securitytracker.com/id?1026990
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=747078
issues.apache.org/jira/browse/QPID-3652
reviews.apache.org/r/2988/
rhn.redhat.com/errata/RHSA-2012-0528.html