What is the severity of CVE-2012-4446?

CVE-2012-4446 is considered to be of medium severity due to the potential for remote attackers to bypass authentication.

How do I fix CVE-2012-4446?

To fix CVE-2012-4446, upgrade Apache Qpid to version 0.23 or later.

What versions of Apache Qpid are affected by CVE-2012-4446?

CVE-2012-4446 affects Apache Qpid versions 0.20 and earlier, as well as specific versions 0.5 through 0.19.

What impact does CVE-2012-4446 have on applications?

CVE-2012-4446 allows remote attackers to bypass authentication, potentially leading to unauthorized access to the application.

Is CVE-2012-4446 associated with a specific configuration option?

Yes, CVE-2012-4446 is related to the default configuration of Apache Qpid when the federation_tag attribute is enabled.

Vulnerability/
CVE-2012-4446

medium

6.8

CWE

287

23/8/2012

14/3/2013

13/5/2023

CVE-2012-4446

First published: Thu Aug 23 2012(Updated: )

The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Apache Qpid	<=0.20
Apache Qpid	=0.5
Apache Qpid	=0.6
Apache Qpid	=0.7
Apache Qpid	=0.8
Apache Qpid	=0.9
Apache Qpid	=0.10
Apache Qpid	=0.11
Apache Qpid	=0.12
Apache Qpid	=0.13
Apache Qpid	=0.14
Apache Qpid	=0.15
Apache Qpid	=0.16
Apache Qpid	=0.17
Apache Qpid	=0.18
Apache Qpid	=0.19
redhat/qpid-cpp	<0.23	0.23

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-4446?
CVE-2012-4446 is considered to be of medium severity due to the potential for remote attackers to bypass authentication.
How do I fix CVE-2012-4446?
To fix CVE-2012-4446, upgrade Apache Qpid to version 0.23 or later.
What versions of Apache Qpid are affected by CVE-2012-4446?
CVE-2012-4446 affects Apache Qpid versions 0.20 and earlier, as well as specific versions 0.5 through 0.19.
What impact does CVE-2012-4446 have on applications?
CVE-2012-4446 allows remote attackers to bypass authentication, potentially leading to unauthorized access to the application.
Is CVE-2012-4446 associated with a specific configuration option?
Yes, CVE-2012-4446 is related to the default configuration of Apache Qpid when the federation_tag attribute is enabled.

collector/nvd-index
collector/redhat-bugzilla
alias/CVE-2012-4446
vendor/apache
product/qpid
canonical/apache qpid
package-manager/redhat

Frequently Asked Questions

What is the severity of CVE-2012-4446?
CVE-2012-4446 is considered to be of medium severity due to the potential for remote attackers to bypass authentication.
How do I fix CVE-2012-4446?
To fix CVE-2012-4446, upgrade Apache Qpid to version 0.23 or later.
What versions of Apache Qpid are affected by CVE-2012-4446?
CVE-2012-4446 affects Apache Qpid versions 0.20 and earlier, as well as specific versions 0.5 through 0.19.
What impact does CVE-2012-4446 have on applications?
CVE-2012-4446 allows remote attackers to bypass authentication, potentially leading to unauthorized access to the application.
Is CVE-2012-4446 associated with a specific configuration option?
Yes, CVE-2012-4446 is related to the default configuration of Apache Qpid when the federation_tag attribute is enabled.

CVE-2012-4446

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-4446?

How do I fix CVE-2012-4446?

What versions of Apache Qpid are affected by CVE-2012-4446?

What impact does CVE-2012-4446 have on applications?

Is CVE-2012-4446 associated with a specific configuration option?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2012-4446?

How do I fix CVE-2012-4446?

What versions of Apache Qpid are affected by CVE-2012-4446?

What impact does CVE-2012-4446 have on applications?

Is CVE-2012-4446 associated with a specific configuration option?