Published: 01/06/2016 Updated: 22/05/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

PlainSaslServer.java in Apache Qpid Java prior to 6.0.3, when the broker is configured to allow plaintext passwords, allows remote malicious users to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache qpid broker-j

PlainSaslServerjava in Apache Qpid Java before 603, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception ...

CWE-287 CWE-20 https://issues.apache.org/jira/browse/QPID-7271 http://qpid.apache.org/releases/qpid-java-6.0.3/release-notes.html https://svn.apache.org/viewvc?view=revision&revision=1744403 http://mail-archives.apache.org/mod_mbox/qpid-users/201605.mbox/%3C5748641A.2050701%40gmail.com%3E http://packetstormsecurity.com/files/137215/Apache-Qpid-Java-Broker-6.0.2-Denial-Of-Service.html http://www.securitytracker.com/id/1035982 http://www.securityfocus.com/archive/1/538507/100/0/threaded https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2016-3094

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-3094

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect