Max CVSS | 6.8 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2012-3467 | 5.0 |
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
|
29-08-2017 - 01:31 | 27-08-2012 - 23:55 | |
CVE-2012-4458 | 5.0 |
The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
|
19-03-2013 - 16:49 | 14-03-2013 - 03:10 | |
CVE-2012-4459 | 5.0 |
Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
|
19-03-2013 - 04:00 | 14-03-2013 - 03:10 | |
CVE-2012-4446 | 6.8 |
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified
|
19-03-2013 - 04:00 | 14-03-2013 - 03:10 |