CVE-2016-4432 Information

Feb 14, 2021 cve

Description

The AMQP 0-8 0-9 0-91 and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Reference

http://mail-archives.apache.org/mod_mbox/qpid-users/201605.mbox/3CCAFEMS4tXDKYxKVMmU0zTb_7uzduoUS4_RePnUwz1tj2BGQLNw5Q40mail.gmail.com3E http://packetstormsecurity.com/files/137216/Apache-Qpid-Java-Broker-6.0.2-Authentication-Bypass.html http://www.securityfocus.com/archive/1/538508/100/0/threaded http://www.securitytracker.com/id/1035983 https://issues.apache.org/jira/browse/QPID-7257 https://svn.apache.org/viewvc?view=revision&revision=1743161 https://svn.apache.org/viewvc?view=revision&revision=1743393

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

9.1

Share on: