TLS Man in the Middle Vulnerability in Apache Qpid Proton
CVE-2019-0223

7.4HIGH

Key Information:

Vendor

Apache
Status
Apache Qpid Proton
Vendor
CVE Published:
23 April 2019

What is CVE-2019-0223?

A TLS vulnerability in Apache Qpid Proton allows an attacker to exploit a flaw where the library might connect to a peer anonymously, bypassing the verification of the peer certificate. This issue affects versions 0.9 through 0.27.0 when used with OpenSSL versions earlier than 1.1.0, permitting a man in the middle attack if the attacker can intercept the TLS traffic. This could lead to potential data breaches or unauthorized access to sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Qpid Proton 0.9 to 0.27.0

References

https://lists.apache.org/thread.html/49c83f0acce5ceaeffca...
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/3adb2f020f705b4fd453...
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/04/23/4
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.