Authentication Bypass Vulnerability in Apache Qpid by Red Hat
CVE-2012-4446

Currently unrated

Key Information:

Vendor: Apache
Status: Qpid
Vendor: CVE Published:; 14 March 2013

What is CVE-2012-4446?

The default settings in Apache Qpid versions 0.20 and earlier, when utilizing the federation_tag attribute, permit AMQP connections without validating the source user ID. This flaw enables remote attackers to exploit authentication mechanisms, potentially resulting in unauthorized access and various unspecified impacts through crafted AMQP requests.

References

https://issues.apache.org/jira/browse/QPID-4631

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2013-0561.html

vendor-advisoryx_refsource_REDHAT

http://rhn.redhat.com/errata/RHSA-2013-0562.html

vendor-advisoryx_refsource_REDHAT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 14, 2013