Auth bypass in Apache Qpid
CVE-2011-3620
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-us…
Vulnerability class: Broken Authentication
EPSS: 0.030 (86.8th percentile)
Affected products
- Apache Qpid — versions 0.12
References
- 49000 (x_refsource_SECUNIA, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- 1026990 (vdb-entry, x_refsource_SECTRACK)