Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-3467
Last Modified: 29 Jan 2013 11:52:34
Published: 27 Aug 2012 07:55:02
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-3467

Summary

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.

Vulnerable Systems

Application

  • Apache Qpid 0.14
  • Apache Qpid 0.16
  • Apache Qpid 0.5
  • Apache Qpid 0.6


References

CONFIRM - https://issues.apache.org/jira/browse/QPID-3849

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=836276

XF - apache-qpid-broker-sec-bypass(77568)

BID - 54954

MLIST - [oss-security] 20120809 CVE-2012-3467: Unauthorized access (authentication bypass) from client to broker due to use of NullAuthenticator in shadow connections

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1352992

SECUNIA - 50186

SECUNIA - 50698

REDHAT - RHSA-2012:1277

REDHAT - RHSA-2012:1279


Last Updated: 27 May 2016 11:01:44