First published: Thu Aug 23 2012(Updated: )
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Qpid | <=0.20 | |
Apache Qpid | =0.5 | |
Apache Qpid | =0.6 | |
Apache Qpid | =0.7 | |
Apache Qpid | =0.8 | |
Apache Qpid | =0.9 | |
Apache Qpid | =0.10 | |
Apache Qpid | =0.11 | |
Apache Qpid | =0.12 | |
Apache Qpid | =0.13 | |
Apache Qpid | =0.14 | |
Apache Qpid | =0.15 | |
Apache Qpid | =0.16 | |
Apache Qpid | =0.17 | |
Apache Qpid | =0.18 | |
Apache Qpid | =0.19 | |
redhat/qpid-cpp | <0.23 | 0.23 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.