Apache QPID 0.14, 0.16, and previous versions uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote malicious users to bypass authentication.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache qpid |
||
apache qpid 0.6 |
||
apache qpid 0.14 |
||
apache qpid 0.5 |