Published: 03/05/2012 Updated: 14/08/2012

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote malicious users to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache qpid 0.12

Synopsis Moderate: Red Hat Enterprise MRG Messaging 21 security and enhancement update Type/Severity Security Advisory: Moderate Topic Updated Messaging packages that resolve one security issue, fix multiplebugs, and add various enhancements are now available for Red Hat EnterpriseMRG 21 for Red Hat Enter ...

CWE-287 https://reviews.apache.org/r/2988/https://issues.apache.org/jira/browse/QPID-3652 https://bugzilla.redhat.com/show_bug.cgi?id=747078 http://secunia.com/advisories/49000 http://www.securitytracker.com/id?1026990 https://access.redhat.com/errata/RHSA-2012:0528 https://nvd.nist.gov

CVE-2011-3620

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect