Published: 12/05/2023 Updated: 24/05/2023

CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9

VMScore: 0

Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted. The issue is patched in Vert.x 3.9.16 and 4.4.2. There are no trivial workarounds.

Vulnerable Product	Search on Vulmon	Subscribe to Product
eclipse vert.x stomp

DescriptionA flaw was found in the VertX Stomp server The Vertx STOMP server processes client STOMP frames without checking that the client sent an initial CONNECT frame and replied with a successful CONNECTED frame A malicious user can connect and then create or receive unauthorized contentA flaw was found in the VertX Stomp server T ...

CWE-287 https://github.com/vert-x3/vertx-stomp/commit/0de4bc5a44ddb57e74d92c445f16456fa03f265b https://github.com/vert-x3/vertx-stomp/security/advisories/GHSA-gvrq-cg5r-7chp https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-32081

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-32081

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect