Authentication Bypass Vulnerability in Apache Qpid by Red Hat
CVE-2012-4446
Currently unrated
Summary
The default settings in Apache Qpid versions 0.20 and earlier, when utilizing the federation_tag attribute, permit AMQP connections without validating the source user ID. This flaw enables remote attackers to exploit authentication mechanisms, potentially resulting in unauthorized access and various unspecified impacts through crafted AMQP requests.
References
Timeline
Vulnerability Reserved
Vulnerability published