The Python client in Apache Qpid prior to 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Vulnerable Product |
---|
redhat enterprise mrg 2.0 |
apache qpid 0.11 |
apache qpid 0.12 |
apache qpid 0.13 |
apache qpid 0.14 |
apache qpid 0.16 |
apache qpid 0.18 |
apache qpid |
apache qpid 0.19 |
apache qpid 0.5 |
apache qpid 0.6 |
apache qpid 0.7 |
apache qpid 0.8 |
apache qpid 0.10 |
apache qpid 0.15 |
apache qpid 0.17 |
apache qpid 0.9 |