Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-4446
Last Modified: 19 Mar 2013 12:00:00
Published: 13 Mar 2013 11:10:22
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-4446

Summary

The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.

Vulnerable Systems

Application

  • Apache Qpid 0.10

  • Apache Qpid 0.11

  • Apache Qpid 0.12

  • Apache Qpid 0.13

  • Apache Qpid 0.14

  • Apache Qpid 0.15

  • Apache Qpid 0.16

  • Apache Qpid 0.17

  • Apache Qpid 0.18

  • Apache Qpid 0.19

  • Apache Qpid 0.20

  • Apache Qpid 0.5

  • Apache Qpid 0.6

  • Apache Qpid 0.7

  • Apache Qpid 0.8

  • Apache Qpid 0.9


References

CONFIRM - https://issues.apache.org/jira/browse/QPID-4631

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=851355

SECUNIA - 52516

REDHAT - RHSA-2013:0562

REDHAT - RHSA-2013:0561


Last Updated: 27 May 2016 11:02:04