Published: 14/03/2013 Updated: 19/03/2013

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The default configuration for Apache Qpid 0.20 and previous versions, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote malicious users to bypass authentication and have other unspecified impact via an AMQP request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache qpid 0.7
apache qpid 0.6
apache qpid 0.5
apache qpid 0.16
apache qpid 0.15
apache qpid 0.14
apache qpid 0.13
apache qpid 0.19
apache qpid 0.17
apache qpid 0.12
apache qpid 0.10
apache qpid 0.8
apache qpid
apache qpid 0.18
apache qpid 0.11
apache qpid 0.9

Synopsis Moderate: Red Hat Enterprise MRG Messaging 23 security update Type/Severity Security Advisory: Moderate Topic Updated Messaging component packages that fix multiple security issues,several bugs, and add various enhancements are now available for Red HatEnterprise MRG 23 for Red Hat Enterprise Lin ...

CWE-287 http://secunia.com/advisories/52516 http://rhn.redhat.com/errata/RHSA-2013-0561.html http://rhn.redhat.com/errata/RHSA-2013-0562.html https://bugzilla.redhat.com/show_bug.cgi?id=851355 https://issues.apache.org/jira/browse/QPID-4631 https://access.redhat.com/errata/RHSA-2013:0562 https://nvd.nist.gov

CVE-2012-4446

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect