Lucene search

Veracode Vulnerability DatabaseVERACODE:11192

HistoryJan 15, 2019 - 8:58 a.m.

Authentication Bypass

2019-01-1508:58:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

67.9%

JSON

qpid is vulnerable to authentication bypass attacks. The vulnerability exists as the default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.

CPENameOperatorVersion
qpid-javaeq0.2.687156__1.el5
qpid-javaeq0.5.751061__2.el5
qpid-javaeq0.5.751061__7.el5
qpid-javaeq0.5.751061__9.el5
qpid-javaeq0.7.946106__11.el5
qpid-javaeq0.14__3.el5
qpid-javaeq0.7.946106__12.el5
qpid-javaeq0.18__2.el5
qpid-javaeq0.5.751061__8.el5
qpid-javaeq0.18__2.el6

Name	Operator	Version
qpid-java	eq	0.2.687156__1.el5
qpid-java	eq	0.5.751061__2.el5
qpid-java	eq	0.5.751061__7.el5
qpid-java	eq	0.5.751061__9.el5
qpid-java	eq	0.7.946106__11.el5
qpid-java	eq	0.14__3.el5
qpid-java	eq	0.7.946106__12.el5
qpid-java	eq	0.18__2.el5
qpid-java	eq	0.5.751061__8.el5
qpid-java	eq	0.18__2.el6

Rows per page:

1-10 of 1051

References

rhn.redhat.com/errata/RHSA-2013-0561.html

rhn.redhat.com/errata/RHSA-2013-0562.html

secunia.com/advisories/52516

access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/RHSA-2013-0561.html

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=678612

bugzilla.redhat.com/show_bug.cgi?id=710787

bugzilla.redhat.com/show_bug.cgi?id=720714

bugzilla.redhat.com/show_bug.cgi?id=737685

bugzilla.redhat.com/show_bug.cgi?id=740485

bugzilla.redhat.com/show_bug.cgi?id=754990

bugzilla.redhat.com/show_bug.cgi?id=773719

bugzilla.redhat.com/show_bug.cgi?id=781496

bugzilla.redhat.com/show_bug.cgi?id=782806

bugzilla.redhat.com/show_bug.cgi?id=783215

bugzilla.redhat.com/show_bug.cgi?id=784957

bugzilla.redhat.com/show_bug.cgi?id=786555

bugzilla.redhat.com/show_bug.cgi?id=790004

bugzilla.redhat.com/show_bug.cgi?id=800912

bugzilla.redhat.com/show_bug.cgi?id=801605

bugzilla.redhat.com/show_bug.cgi?id=804752

bugzilla.redhat.com/show_bug.cgi?id=813742

bugzilla.redhat.com/show_bug.cgi?id=814356

bugzilla.redhat.com/show_bug.cgi?id=834256

bugzilla.redhat.com/show_bug.cgi?id=846465

bugzilla.redhat.com/show_bug.cgi?id=849788

bugzilla.redhat.com/show_bug.cgi?id=849790

bugzilla.redhat.com/show_bug.cgi?id=851355

bugzilla.redhat.com/show_bug.cgi?id=856299

bugzilla.redhat.com/show_bug.cgi?id=860011

bugzilla.redhat.com/show_bug.cgi?id=861838

bugzilla.redhat.com/show_bug.cgi?id=866677

bugzilla.redhat.com/show_bug.cgi?id=868403

bugzilla.redhat.com/show_bug.cgi?id=868881

bugzilla.redhat.com/show_bug.cgi?id=870058

bugzilla.redhat.com/show_bug.cgi?id=871774

bugzilla.redhat.com/show_bug.cgi?id=876193

bugzilla.redhat.com/show_bug.cgi?id=876664

bugzilla.redhat.com/show_bug.cgi?id=877081

bugzilla.redhat.com/show_bug.cgi?id=877553

bugzilla.redhat.com/show_bug.cgi?id=882243

bugzilla.redhat.com/show_bug.cgi?id=884036

bugzilla.redhat.com/show_bug.cgi?id=888392

bugzilla.redhat.com/show_bug.cgi?id=893980

bugzilla.redhat.com/show_bug.cgi?id=895535

issues.apache.org/jira/browse/QPID-4631